[strongSwan] RNGs and OpenSSL

Jafar Al-Gharaibeh jafar at atcorp.com
Thu Nov 9 21:22:47 CET 2017


I am compiling strongSwan with these options:

--enable-openssl    #enables the OpenSSL crypto plugin.
#--enable-rdrand      # don't enable Intel RDRAND random generator plugin.
--disable-random    #disable RNG implementation on top of /dev/(u)random.

Looking through the code, the OpenSSL plugin itself provides an RNG plugin,
so I thought the above configuration
will make sure I'm using the OpenSSL RNG. Is my assumption correct?

What if I enable rdrand above? Does that become the default for all
random numbers used by strongSwan, ignoring OpenSSL's RNG?

Does enabling those other RNG plugins have any effect on OpenSSL itself?
I.e., is there a way to set OpenSSL's RNG directly from strongSwan?

For OpenSSL (and other plugins), where do I find a list of all supported
configuration options? For example, I found the following example on the
strongSwan website. What other options can I set/unset there?

charon {
    load_modular = yes
    interfaces_use = eth0
    plugins {
        openssl {
            fips_mode = 0
        }
        include strongswan.d/charon/*.conf
    }
}

Many Thanks,