[strongSwan] OCSP nonce parameter

Modster, Anthony Anthony.Modster at Teledyne.com
Thu Nov 21 17:39:25 CET 2019

Hello Andreas

Our security department is insisting that strongswan validate the nonce parameter when received.

Is there a way strongswan can accommodate this request.

If not we need a way to disable OCSP.


-----Original Message-----
From: Modster, Anthony 
Sent: Friday, November 8, 2019 9:50 AM
To: Tobias Brunner <tobias at strongswan.org>; users at lists.strongswan.org
Subject: RE: [strongSwan] OCSP nonce parameter

? is there a possibility of a patch to allow checking the received nonce

-----Original Message-----
From: Tobias Brunner <tobias at strongswan.org> 
Sent: Thursday, November 07, 2019 11:27 PM
To: Modster, Anthony <Anthony.Modster at Teledyne.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] OCSP nonce parameter

---External Email---

Hi Anthony,

> When using OCSP, ? is the nonce parameter always set.

Yes, the x509 plugin always adds a random nonce.  It doesn't seem to be used/checked later, though.


More information about the Users mailing list