5868 Commits

Author SHA1 Message Date
Martin Willi
adb913adeb Added strongswan.conf option to filter for specific TLS suites 2010-09-06 16:51:11 +02:00
Martin Willi
24a5b935e7 Added strongswan.conf options to filter cipher suites by specific algorithms 2010-09-06 16:51:04 +02:00
Martin Willi
a92a348092 Register missing AUTH_HMAC_SHA384 algorithm without truncation 2010-09-06 16:50:58 +02:00
Martin Willi
a03eebdf93 Fixed key type in TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 2010-09-06 16:50:54 +02:00
Martin Willi
e6cce7ff0d Prepend point format to ECDH public key 2010-09-06 15:37:51 +02:00
Martin Willi
e4fd2bb428 Log the selected (EC)DH group 2010-09-06 15:37:51 +02:00
Martin Willi
0f89143b84 Parse unsupported TLS Hello extensions properly 2010-09-06 15:37:51 +02:00
Martin Willi
6cf85b35a4 Added TLS extension identifiers from RFC 3546 2010-09-06 15:37:51 +02:00
Tobias Brunner
3255e489be Of course, mark is also supported by pluto. 2010-09-06 12:04:26 +02:00
Tobias Brunner
a674c79a37 mark_in and mark_out are also supported by pluto. 2010-09-06 11:53:59 +02:00
Martin Willi
4e68c1cfdc Do not propose (EC)DHE suites if we do not support them 2010-09-03 18:24:03 +02:00
Martin Willi
4254257f9d Offer only algorithms/suites we have a registered public key backend for 2010-09-03 18:11:03 +02:00
Martin Willi
d987946e80 Added a final flag to builder registration to enumerate the actually supported algorithms 2010-09-03 18:09:48 +02:00
Martin Willi
f9c0cf862c Fixed key type of ECDHE_RSA groups 2010-09-03 17:24:39 +02:00
Martin Willi
3f7bb88ba3 Use a dynamic curve enumerator to list/convert TLS named curves 2010-09-03 17:24:23 +02:00
Martin Willi
f4c98ae664 Use ECDH group check where appropriate 2010-09-03 16:53:36 +02:00
Martin Willi
7d7711aba4 Added a generic function to check if a DH group is an EC group 2010-09-03 16:22:10 +02:00
Martin Willi
2066918da2 Add ECDHE enabled cipher suites, including ECDSA variants 2010-09-03 14:54:43 +02:00
Martin Willi
033fe95f0b Added support for a non-truncated SHA384 HMAC variant, as used by TLS 2010-09-03 14:54:43 +02:00
Martin Willi
4cdade5aae Select private key based on received cipher suites 2010-09-03 14:54:43 +02:00
Martin Willi
37a59a8fbf Support for EC curve Hello extension, EC curve fallback 2010-09-03 14:54:43 +02:00
Martin Willi
141d7f7abd Added server support for ECDHE key exchange 2010-09-03 14:54:43 +02:00
Martin Willi
5fc7297e38 Added client support for ECDHE key exchange 2010-09-03 14:54:43 +02:00
Martin Willi
691ca54db5 Added TLS EC curve type and name identifiers 2010-09-03 14:54:43 +02:00
Andreas Steffen
1972102e1e fixed typo 2010-09-03 13:30:40 +02:00
Andreas Steffen
6d71f4dcb9 updown script variable is called PLUTO_UDP_ENC 2010-09-03 12:58:10 +02:00
Tobias Brunner
ddc961c369 Fixed left-/rightnexthop ipsec.conf options. 2010-09-03 11:47:42 +02:00
Martin Willi
ccb65463e7 Check for queued TLS alerts after each handshake part 2010-09-03 09:33:15 +02:00
Martin Willi
ed60dfa14f Added support for MODP_CUSTOM to gcrypt plugin 2010-09-03 09:33:15 +02:00
Martin Willi
42b1ac91c4 Added support for MODP_CUSTOM to openssl plugin 2010-09-03 09:33:15 +02:00
Andreas Steffen
6deeacd965 adapted debug options 2010-09-03 09:29:56 +02:00
Andreas Steffen
4cbe758cd4 adapted debug options 2010-09-03 09:27:16 +02:00
Andreas Steffen
c0071bde73 removed redundant debug output 2010-09-02 22:19:37 +02:00
Andreas Steffen
25de08474b version bump to 4.5.0dr2 2010-09-02 22:19:37 +02:00
Andreas Steffen
5175adee66 optimized FreeRadius scenarios for debug output 2010-09-02 22:19:37 +02:00
Andreas Steffen
0fb2980281 added ikev2/rw-eap-tnc-radius scenario 2010-09-02 22:19:37 +02:00
Andreas Steffen
c0cecc0a0e added radius init script with increased debugging 2010-09-02 22:19:37 +02:00
Andreas Steffen
f9cfb5c836 display configuration and log of FreeRadius servers 2010-09-02 22:19:37 +02:00
Martin Willi
ef0a8e5892 Add DHE enabled RSA variants to the supported TLS suites 2010-09-02 19:33:08 +02:00
Martin Willi
f14358a9b5 Added TLS server side support for DHE suites 2010-09-02 19:33:08 +02:00
Martin Willi
da3f4a9fd0 Added TLS client side support for DHE suites 2010-09-02 19:33:08 +02:00
Martin Willi
35d9c15d5e Store a MODP group we use for each TLS suite 2010-09-02 19:33:08 +02:00
Martin Willi
08d8b9405b Added support for MODP_CUSTOM to gmp plugin 2010-09-02 19:33:08 +02:00
Martin Willi
0abd558a65 Added a MODP_CUSTOM DH group which takes g and p as constructor arguments 2010-09-02 19:33:08 +02:00
Martin Willi
06109c4717 Implemented "signature algorithm" hello extension 2010-09-02 19:33:08 +02:00
Martin Willi
731611c525 Added TLS extension identifiers 2010-09-02 19:33:08 +02:00
Martin Willi
d29a82a9d4 Added generic TLS data sign/verify, hash/sig algorithm construction 2010-09-02 19:33:08 +02:00
Martin Willi
60c4b3b545 Continue with a randomized premaster if decryption failed / version mismatches 2010-09-02 19:33:08 +02:00
Tobias Brunner
1dfd6d18ff pluto: Removed unused lifetime from raw_eroute. 2010-09-02 19:04:26 +02:00
Tobias Brunner
b5be105aaf pluto: Added support for statically configured reqids. 2010-09-02 19:04:25 +02:00