[strongSwan] RNGs and OpenSSL
Jafar Al-Gharaibeh
jafar at atcorp.com
Thu Nov 9 21:22:47 CET 2017
Hi,
I am compiling strongSwan with these options:
    --enable-openssl    # enables the OpenSSL crypto plugin.
    #--enable-rdrand    # don't enable the Intel RDRAND random generator plugin.
    --disable-random    # disable the RNG implementation on top of /dev/(u)random.
Looking through the code, the OpenSSL plugin itself provides an RNG plugin, so I thought the above configuration will make sure I'm using the OpenSSL RNG. Is my assumption correct?
What if I enable rdrand above? Does that become the default for all random numbers used by strongSwan, ignoring OpenSSL's RNG?
Does enabling those other RNG plugins have any effect on OpenSSL itself? I.e., is there a way to set OpenSSL's RNG directly from strongSwan?
For OpenSSL (and other plugins), where do I find a list of all supported configuration options? For example, I found the following example on the strongSwan website; what other options can I set/unset there?
charon {
    load_modular = yes
    interfaces_use = eth0
    plugins {
        openssl {
            fips_mode = 0
        }
        include strongswan.d/charon/*.conf
    }
}
Many Thanks,
Jafar