mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-04 00:00:14 -04:00
We still require these algorithms for e.g. EAP-MSCHAPv2, so the option is enabled, by default. To use other providers (e.g. fips or even custom ones), the option can be disabled and the providers to load/activate can be configured in openssl.cnf. For instance, the following has the same effect as enabling the option:

    openssl_conf = openssl_init

    [openssl_init]
    providers = providers

    [providers]
    default = activate
    legacy = activate

    [activate]
    activate = yes
11 lines
451 B
Plaintext
charon.plugins.openssl.engine_id = pkcs11
    ENGINE ID to use in the OpenSSL plugin.

charon.plugins.openssl.fips_mode = 0
    Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).

charon.plugins.openssl.load_legacy = yes
    Load the legacy provider in OpenSSL 3+ for algorithms like MD4, DES, or
    Blowfish (the first two are required for EAP-MSCHAPv2). If disabled, the
    default provider is loaded, or those configured in the OpenSSL config.
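As an added example (not strongSwan's own code), the following Python sketch resolves which providers an openssl.cnf like the one in the commit message activates, so a deployment that sets load_legacy to no can check whether the legacy provider is still enabled through the OpenSSL config. The function names are hypothetical, and treating only 1/yes/true/on as an active value is an assumption, since OpenSSL releases differ in how they interpret the activate value.

```python
# Added example: resolve which OpenSSL 3 providers an openssl.cnf activates.
import re

# Assumption: only these values count as "activate"; OpenSSL versions differ.
TRUE_VALUES = {"1", "yes", "true", "on"}

def parse_cnf(text):
    """Parse openssl.cnf text into {section: {key: value}}. Keys that appear
    before the first [section] header go into the unnamed section ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def active_providers(text):
    """Follow openssl_conf -> providers -> per-provider section -> activate."""
    cnf = parse_cnf(text)
    def sect(name):
        return cnf.get(name, {}) if name else {}
    init = sect(cnf[""].get("openssl_conf"))
    active = []
    for name, target in sect(init.get("providers")).items():
        if sect(target).get("activate", "").lower() in TRUE_VALUES:
            active.append(name)
    return active

# Constructed sample: the configuration quoted in the commit message.
SAMPLE = """\
openssl_conf = openssl_init
[openssl_init]
providers = providers
[providers]
default = activate
legacy = activate
[activate]
activate = yes
"""

if __name__ == "__main__":
    found = active_providers(SAMPLE)
    print("active providers:", found)
    if "legacy" in found:
        print("legacy provider active: MD4, DES and Blowfish are available")
```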