SHA256
1
0
forked from pool/strongswan
strongswan/fips-enforce.conf
Mohd Saquib 26fbd0f033 Accepting request 1094809 from home:msaquib:branches:network:vpn
- Removed .hmac files + hmac integrity check logic from strongswan-hmac
  package as it is not mandated anymore by FIPS (boo#1185116)
- Removed folliwng files:
  [- strongswan_fipscheck.patch]
  [- fipscheck.sh.in]
  Note: strongswan-hmac package is not removed as it still provides a
  config file that doesn't allow non-fips approved algorithms

OBS-URL: https://build.opensuse.org/request/show/1094809
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=153
2023-06-23 09:01:07 +00:00

52 lines
666 B
Plaintext

#
# When fips is enabled (fips=1 kernel parameter), only certified openssl
# and kernel crypto API (af-alg) algorithms are supported.
#
# The strongswan-hmac package is supposed to be used/installed when fips
# is enabled and provides this blacklist disabling other plugins
# providing further and/or alternative algorithm implementations.
#
gcrypt {
load = no
}
blowfish {
load = no
}
random {
load = no
}
des {
load = no
}
aes {
load = no
}
rc2 {
load = no
}
ctr {
load = no
}
cmac {
load = no
}
xcbc {
load = no
}
md4 {
load = no
}
md5 {
load = no
}
sha1 {
load = no
}
sha2 {
load = no
}
ccm {
load = no
}