[strongSwan-dev] NIST SP800-131a
Dale H Anderson
dalea at us.ibm.com
Tue Jan 22 18:25:40 CET 2013
Relative to our prior questions on NIST SP 800-131a compliance, your prior
answer basically said to use the connection configuration definition to
specify compliant algorithms and to use compliant certificates for
authentication which we understand and agree with, but there is a bit more
to the standard. Here are a few more questions:
1. Does strongSwan inherently use any cryptographic functions for any
reason that are not controlled through the connection configuration
2. SP 800-131a refers to SP 800-90A for DRNG (PRNG) algorithms which
refers to SP 800-90B for entropy sources and SP 800-90C for DRNG
construction with SP 800-90A and SP 800-90B definitions.
a. Is the PRNG in your default cryptographic library compliant with
b. What is the entropy source for your PRNG and do you manage the PRNG
per these standards requirements?
3. SP 800-131a's definition implies the use of TLS 1.2 interfaces. Do you
know of any reason we cannot configure a connection with this protocol?
4. We are running on StrongSwan 4.6.1. Do you know of any limitations of
this level relative to this discussion?
5. I am not particularly expert on your connection configuration files,
and I am wondering whether this file lets you control things such the TLS
level and the mechanism for key exchange. I see there lists of these in
the StrongSwan.Config and that you can over-ride this. Is this where you
would effect this level of control? For example, say we wanted to limit
all connections to TLS 1.2 or say we wanted to limit a specific connection
to TLS 1.2 but allow other connections to use TLS 1.2 or lower levels of
Martin Willi <martin at strongswan.org>
Dale H Anderson/Tucson/IBM at IBMUS
dev at lists.strongswan.org
01/16/2013 01:37 AM
Re: [strongSwan-dev] NIST SP800-131a
> 1. Does strongSwan 4.6.1 comply with NIST SP800-131a?
I haven't read that spec in detail, but it seems that it just defines
algorithms and key lengths to use for "acceptable" operation.
strongSwan can support many of these algorithms and key lengths, it's
just a matter of configuration. Make sure to define the algorithms you
require in your connections in the "esp" and "ike" proposal keywords,
and append a '!' to disable others (man ipsec.conf for details).
If you are using certificates, generate the the keys with appropriate
key length and sign the certificates with the required hashing
So yes, it should be possible to configure strongSwan for NIST
SP800-131a compliance (but it is also possible to configure it to
violate this spec).
> If the answer is no to all three questions, then we will look into using
> the OpenSSL or libgcrypt routines with strongSwan.
I don't think that the selection of the crypto backend matters, you can
use weak algorithms or key lengths with any backend.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev