mirror of
https://github.com/strongswan/strongswan.git
synced 2025-11-04 00:00:51 -05:00
19 lines
894 B
Plaintext
19 lines
894 B
Plaintext
charon.plugins.openssl.engine_id = pkcs11
|
|
ENGINE ID to use in the OpenSSL plugin.
|
|
|
|
charon.plugins.openssl.fips_mode = 0
|
|
Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
|
|
|
|
Set OpenSSL FIPS mode. With OpenSSL before 3.0, the supported values are
|
|
disabled(0), enabled(1) and Suite B enabled(2). With OpenSSL 3+, any value
|
|
other than 0 will explicitly load the fips and base providers (_load_legacy_
|
|
will be ignored). The latter still requires the config in fipsmodule.cnf
|
|
(e.g. for the module's MAC), but allows explicitly loading the provider if
|
|
it's not activated in that config.
|
|
|
|
charon.plugins.openssl.load_legacy = yes
|
|
Load the legacy provider in OpenSSL 3+ for algorithms like MD4, DES, or
|
|
Blowfish (the first two are required for EAP-MSCHAPv2). If disabled, the
|
|
default provider is loaded, or those configured in the OpenSSL config (e.g.
|
|
the fips provider).
|