[strongSwan-dev] NIST SP800-131a

Dale H Anderson dalea at us.ibm.com
Tue Jan 22 18:25:40 CET 2013

Hi Martin,

Relative to our prior questions on NIST SP 800-131a compliance, your prior 
answer basically said to use the connection configuration definition to 
specify compliant algorithms and to use compliant certificates for 
authentication which we understand and agree with, but there is a bit more 
to the standard. Here are a few more questions:

1. Does strongSwan inherently use any cryptographic functions for any 
reason that are not controlled through the connection configuration 
2. SP 800-131a refers to SP 800-90A for DRNG (PRNG) algorithms which 
refers to SP 800-90B for entropy sources and SP 800-90C for DRNG 
construction with SP 800-90A and SP 800-90B definitions.
  a. Is the PRNG in your default cryptographic library compliant with 
these standards?
  b. What is the entropy source for your PRNG and do you manage the PRNG 
per these standards requirements?
3. SP 800-131a's definition implies the use of TLS 1.2 interfaces. Do you 
know of any reason we cannot configure a connection with this protocol? 
4. We are running on StrongSwan 4.6.1. Do you know of any limitations of 
this level relative to this discussion? 
5. I am not particularly expert on your connection configuration files, 
and I am wondering whether this file lets you control things such as the TLS 
level and the mechanism for key exchange. I see there are lists of these in 
the StrongSwan.Config and that you can over-ride this. Is this where you 
would effect this level of control? For example, say we wanted to limit 
all connections to TLS 1.2 or say we wanted to limit a specific connection 
to TLS 1.2 but allow other connections to use TLS 1.2 or lower levels of 



Martin Willi <martin at strongswan.org>
Dale H Anderson/Tucson/IBM at IBMUS
dev at lists.strongswan.org
01/16/2013 01:37 AM
Re: [strongSwan-dev] NIST SP800-131a

Hi Dale,

> 1. Does strongSwan 4.6.1 comply with NIST SP800-131a?

I haven't read that spec in detail, but it seems that it just defines
algorithms and key lengths to use for "acceptable" operation.

strongSwan can support many of these algorithms and key lengths, it's
just a matter of configuration. Make sure to define the algorithms you
require in your connections in the "esp" and "ike" proposal keywords,
and append a '!' to disable others (man ipsec.conf for details).

If you are using certificates, generate the keys with appropriate
key length and sign the certificates with the required hashing

So yes, it should be possible to configure strongSwan for NIST
SP800-131a compliance (but it is also possible to configure it to
violate this spec).

> If the answer is no to all three questions, then we will look into using
> the OpenSSL or libgcrypt routines with strongSwan.

I don't think that the selection of the crypto backend matters, you can
use weak algorithms or key lengths with any backend.

