53 lines
742 B
Plaintext
53 lines
742 B
Plaintext
|
#
|
||
|
# When fips is enabled (fips=1 kernel parameter), only certified openssl
|
||
|
# and kernel crypto API (af-alg) algorithms are supported.
|
||
|
#
|
||
|
# The strongswan-hmac package is supposed to be used/installed when fips
|
||
|
# is enabled and provides the hmac hashes, a "ipsec _fipscheck" script
|
||
|
# verifying the components and this blacklist disabling other plugins
|
||
|
# providing further and/or alternative algorithm implementations.
|
||
|
#
|
||
|
gcrypt {
|
||
|
load = no
|
||
|
}
|
||
|
blowfish {
|
||
|
load = no
|
||
|
}
|
||
|
random {
|
||
|
load = no
|
||
|
}
|
||
|
des {
|
||
|
load = no
|
||
|
}
|
||
|
aes {
|
||
|
load = no
|
||
|
}
|
||
|
rc2 {
|
||
|
load = no
|
||
|
}
|
||
|
ctr {
|
||
|
load = no
|
||
|
}
|
||
|
cmac {
|
||
|
load = no
|
||
|
}
|
||
|
xcbc {
|
||
|
load = no
|
||
|
}
|
||
|
md4 {
|
||
|
load = no
|
||
|
}
|
||
|
md5 {
|
||
|
load = no
|
||
|
}
|
||
|
sha1 {
|
||
|
load = no
|
||
|
}
|
||
|
sha2 {
|
||
|
load = no
|
||
|
}
|
||
|
ccm {
|
||
|
load = no
|
||
|
}
|
||
|
|