forked from pool/strongswan
26fbd0f033
- Removed .hmac files + hmac integrity check logic from strongswan-hmac package as it is not mandated anymore by FIPS (boo#1185116) - Removed folliwng files: [- strongswan_fipscheck.patch] [- fipscheck.sh.in] Note: strongswan-hmac package is not removed as it still provides a config file that doesn't allow non-fips approved algorithms OBS-URL: https://build.opensuse.org/request/show/1094809 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=153
52 lines
666 B
Plaintext
52 lines
666 B
Plaintext
#
|
|
# When fips is enabled (fips=1 kernel parameter), only certified openssl
|
|
# and kernel crypto API (af-alg) algorithms are supported.
|
|
#
|
|
# The strongswan-hmac package is supposed to be used/installed when fips
|
|
# is enabled and provides this blacklist disabling other plugins
|
|
# providing further and/or alternative algorithm implementations.
|
|
#
|
|
gcrypt {
|
|
load = no
|
|
}
|
|
blowfish {
|
|
load = no
|
|
}
|
|
random {
|
|
load = no
|
|
}
|
|
des {
|
|
load = no
|
|
}
|
|
aes {
|
|
load = no
|
|
}
|
|
rc2 {
|
|
load = no
|
|
}
|
|
ctr {
|
|
load = no
|
|
}
|
|
cmac {
|
|
load = no
|
|
}
|
|
xcbc {
|
|
load = no
|
|
}
|
|
md4 {
|
|
load = no
|
|
}
|
|
md5 {
|
|
load = no
|
|
}
|
|
sha1 {
|
|
load = no
|
|
}
|
|
sha2 {
|
|
load = no
|
|
}
|
|
ccm {
|
|
load = no
|
|
}
|
|
|