[strongSwan] RNGs and OpenSSL

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Nov 9 21:29:06 CET 2017


Use the power of documentation (man pages).

On 09.11.2017 21:22, Jafar Al-Gharaibeh wrote:
> Hi,
>
> I am compiling strongSwan with these options:
>
> --enable-openssl    #enables the OpenSSL crypto plugin.
> #--enable-rdrand      # don't enable Intel RDRAND random generator plugin.
> --disable-random    #disable RNG implementation on top of /dev/(u)random.
>
> Looking through the code, the OpenSSL plugin itself provides an RNG plugin, so I thought the above configuration
> will make sure I'm using the OpenSSL RNG. Is my assumption correct?
>
> What if I enable rdrand above? Does that become the default for all random numbers used by strongSwan, ignoring OpenSSL's RNG?
>
> Does enabling those other RNG plugins have any effect on OpenSSL itself? I.e., is there a way to set OpenSSL's RNG directly from strongSwan?
>
> For OpenSSL (and other plugins), where do I find a list of all supported configuration options? For example, I found the following example on the strongSwan website; what other options can I set/unset there?
>
> charon {
>     load_modular = yes
>     interfaces_use = eth0
>     plugins {
>         openssl {
>             fips_mode = 0
>         }
>         include strongswan.d/charon/*.conf
>     }
> }
>
>
>
> Many Thanks,
> Jafar
