strongswan

sharpetronics/strongswan

Fork 0

mirror of https://github.com/strongswan/strongswan.git synced 2025-10-06 00:00:47 -04:00

Commit Graph

Author	SHA1	Message	Date
Tobias Brunner	3cd2e2ccc6	openssl: Make fips_mode option work with OpenSSL 3	2021-12-08 11:34:18 +01:00
Tobias Brunner	f556fce16b	openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc. We still require these algorithms for e.g. EAP-MSCHAPv2, so the option is enabled, by default. To use other providers (e.g. fips or even custom ones), the option can be disabled and the providers to load/activate can be configured in openssl.cnf. For instance, the following has the same effect as enabling the option: openssl_conf = openssl_init [openssl_init] providers = providers [providers] default = activate legacy = activate [activate] activate = yes	2021-12-08 11:34:13 +01:00
Tobias Brunner	828815b0d8	conf: Options of all plugins documented Some options are still missing descriptions though.	2014-02-12 14:34:34 +01:00

Author

SHA1

Message

Date

Tobias Brunner

3cd2e2ccc6

openssl: Make fips_mode option work with OpenSSL 3

2021-12-08 11:34:18 +01:00

Tobias Brunner

f556fce16b

openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.

We still require these algorithms for e.g. EAP-MSCHAPv2, so the option is
enabled, by default.  To use other providers (e.g. fips or even custom
ones), the option can be disabled and the providers to load/activate can
be configured in openssl.cnf.  For instance, the following has the same
effect as enabling the option:

    openssl_conf = openssl_init

    [openssl_init]
    providers = providers

    [providers]
    default = activate
    legacy = activate

    [activate]
    activate = yes

2021-12-08 11:34:13 +01:00

Tobias Brunner

828815b0d8

conf: Options of all plugins documented

Some options are still missing descriptions though.

2014-02-12 14:34:34 +01:00

3 Commits