Jan Engelhardt
cf0313df27
the hmac files, it provides the configuration drop in to
enforce fips mode.
- Removes deprecated SysV support
- Added prf-plus-modularization.patch that outsources the IKE
- move file %{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
to strongswan-nm subpackage, as it is needed for the
NetworkManager plugin that uses strongswan-nm, not
- Removed unused requires and macro calls(bsc#1083261)
improved oracle are not compatible with the earlier
(wasn't the case since 5.0.0) and packets that have the flag
also checked against IKEv2 signature schemes. If such
constraints are used for certificate chain validation in
transport mode connections coming over the same NAT device for
Windows 7 IKEv2 clients, which announces its services over the
* For the vici plugin a Python Egg has been added to allow
Python applications to control or monitor the IKE daemon using
* EAP server methods now can fulfill public key constraints,
- Fix build in factory
- Fix systemd unit dir
from glibc
IDr payload anymore.
* Consistent logging of IKE and CHILD SAs at the audit (AUD) level.
caused an INVALID_SYNTAX error on PowerPC platforms.
- Initial, unfinished package
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=165
52 lines
666 B
Plaintext
52 lines
666 B
Plaintext
#
|
|
# When fips is enabled (fips=1 kernel parameter), only certified openssl
|
|
# and kernel crypto API (af-alg) algorithms are supported.
|
|
#
|
|
# The strongswan-hmac package is supposed to be used/installed when fips
|
|
# is enabled and provides this blacklist disabling other plugins
|
|
# providing further and/or alternative algorithm implementations.
|
|
#
|
|
gcrypt {
|
|
load = no
|
|
}
|
|
blowfish {
|
|
load = no
|
|
}
|
|
random {
|
|
load = no
|
|
}
|
|
des {
|
|
load = no
|
|
}
|
|
aes {
|
|
load = no
|
|
}
|
|
rc2 {
|
|
load = no
|
|
}
|
|
ctr {
|
|
load = no
|
|
}
|
|
cmac {
|
|
load = no
|
|
}
|
|
xcbc {
|
|
load = no
|
|
}
|
|
md4 {
|
|
load = no
|
|
}
|
|
md5 {
|
|
load = no
|
|
}
|
|
sha1 {
|
|
load = no
|
|
}
|
|
sha2 {
|
|
load = no
|
|
}
|
|
ccm {
|
|
load = no
|
|
}
|
|
|