[strongSwan] OCSP nonce parameter
Modster, Anthony
Anthony.Modster at Teledyne.com
Thu Nov 21 17:39:25 CET 2019
Hello Andreas
Our security department is insisting that strongSwan validate the nonce parameter when received.
Is there a way strongSwan can accommodate this request?
If not, we need a way to disable OCSP.
Thanks
-----Original Message-----
From: Modster, Anthony
Sent: Friday, November 8, 2019 9:50 AM
To: Tobias Brunner <tobias at strongswan.org>; users at lists.strongswan.org
Subject: RE: [strongSwan] OCSP nonce parameter
Is there a possibility of a patch to allow checking the received nonce?
-----Original Message-----
From: Tobias Brunner <tobias at strongswan.org>
Sent: Thursday, November 07, 2019 11:27 PM
To: Modster, Anthony <Anthony.Modster at Teledyne.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] OCSP nonce parameter
---External Email---
Hi Anthony,
> When using OCSP, is the nonce parameter always set?
Yes, the x509 plugin always adds a random nonce. It doesn't seem to be used/checked later, though.
Regards,
Tobias
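
Added example, not part of the original thread and not strongSwan code: the client-side check this thread asks about, comparing the nonce sent in an OCSP request with the one echoed in the response. It assumes the response's DER-encoded extensions (`responseExtensions`) have already been extracted; the function names and the sample data are constructed for illustration.

```python
import hmac

NONCE_OID = bytes.fromhex("2b0601050507300102")  # id-pkix-ocsp-nonce, 1.3.6.1.5.5.7.48.1.2

def tlv(tag, value):  # DER encoder, short-form length only (used for sample data)
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode the DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def nonce_from_extensions(der):
    """Return the nonce in a DER 'Extensions' SEQUENCE, or None if absent."""
    tag, exts, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    pos = 0
    while pos < len(exts):
        _, ext, pos = read_tlv(exts, pos)
        tag, oid, p = read_tlv(ext, 0)
        if tag != 0x06 or oid != NONCE_OID:
            continue
        tag, val, p = read_tlv(ext, p)
        if tag == 0x01:  # optional 'critical' BOOLEAN precedes extnValue
            tag, val, p = read_tlv(ext, p)
        tag, nonce, _ = read_tlv(val, 0)  # extnValue wraps Nonce ::= OCTET STRING
        if tag != 0x04:
            raise ValueError("malformed nonce")
        return nonce
    return None

def check_nonce(sent, response_extensions):
    """Return 'match', 'mismatch' or 'missing' for a response's nonce."""
    got = nonce_from_extensions(response_extensions) if response_extensions else None
    if got is None:
        return "missing"  # policy decision: reject, or rely on thisUpdate/nextUpdate
    return "match" if hmac.compare_digest(sent, got) else "mismatch"

def sample_extensions(nonce):  # constructed test data, not captured traffic
    return tlv(0x30, tlv(0x30, tlv(0x06, NONCE_OID) + tlv(0x04, tlv(0x04, nonce))))
```

A responder that serves pre-produced responses will not echo the nonce, so the "missing" case needs an explicit policy rather than being treated as a match.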