52 lines
666 B
Plaintext
52 lines
666 B
Plaintext
#
|
|
# When fips is enabled (fips=1 kernel parameter), only certified openssl
|
|
# and kernel crypto API (af-alg) algorithms are supported.
|
|
#
|
|
# The strongswan-hmac package is supposed to be used/installed when fips
|
|
# is enabled and provides this blacklist disabling other plugins
|
|
# providing further and/or alternative algorithm implementations.
|
|
#
|
|
gcrypt {
|
|
load = no
|
|
}
|
|
blowfish {
|
|
load = no
|
|
}
|
|
random {
|
|
load = no
|
|
}
|
|
des {
|
|
load = no
|
|
}
|
|
aes {
|
|
load = no
|
|
}
|
|
rc2 {
|
|
load = no
|
|
}
|
|
ctr {
|
|
load = no
|
|
}
|
|
cmac {
|
|
load = no
|
|
}
|
|
xcbc {
|
|
load = no
|
|
}
|
|
md4 {
|
|
load = no
|
|
}
|
|
md5 {
|
|
load = no
|
|
}
|
|
sha1 {
|
|
load = no
|
|
}
|
|
sha2 {
|
|
load = no
|
|
}
|
|
ccm {
|
|
load = no
|
|
}
|
|
|