[strongSwan] OCSP nonce parameter

Modster, Anthony Anthony.Modster at Teledyne.com
Mon Nov 25 18:30:30 CET 2019


Thanks

-----Original Message-----
From: Users <users-bounces at lists.strongswan.org> On Behalf Of Tobias Brunner
Sent: Monday, November 25, 2019 4:36 AM
To: Modster, Anthony <Anthony.Modster at Teledyne.com>; users at lists.strongswan.org; Andreas Steffen <andreas.steffen at strongswan.org>
Cc: Amare, Mesfin <Mesfin.Amare at Teledyne.com>
Subject: Re: [strongSwan] OCSP nonce parameter

---External Email---

Hi Anthony,

> Our security department is insisting that strongswan validate the nonce parameter when received.
> 
> Is there a way strongswan can accommodate this request.

I pushed some changes to that effect to the ocsp-nonce branch [1].

> If not we need a way to disable OCSP.

You can do so via charon.plugins.revocation.enable_ocsp.

Regards,
Tobias

[1]
https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/ocsp-nonce


More information about the Users mailing list