Issue #3278

crypto libraries when strongswan is configured to run in the user space

Added by Maha Vasu 11 months ago. Updated about 1 month ago.

Status: Closed
Priority: Normal
Category: configuration
Affected version: 5.8.1
Resolution: No change required

Description

Hello,

General question on the crypto libraries used by strongswan to do the IKE processing - when it is configured to run in user mode, is there any other crypto library in play besides OpenSSL? Thank you.

History

#1 Updated by Tobias Brunner 11 months ago

  • Status changed from New to Feedback

> General question on the crypto libraries used by strongswan to do the IKE processing - when it is configured to run in user mode

What do you mean? IKE is always processed in user mode.

> is there any other crypto library in play besides OpenSSL?

Depends on the loaded plugins (the openssl plugin is just one of many) and their order. See here for an overview of supported algorithms. At runtime you can check the loaded algorithms and which plugin provides the implementation with swanctl --list-algs (or ipsec listalgs for the legacy interface).

#2 Updated by Maha Vasu 11 months ago

Thanks. Besides openssl, we do have algorithms referencing other implementations. Is there a way to strictly map them to openssl (if needed)? This is for FIPS compliance reasons.

#3 Updated by Tobias Brunner 11 months ago

> Is there a way to strictly map them to openssl (if needed)?

Don't load the other plugins.
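
The runtime check mentioned in comment #1 can be scripted to confirm that no algorithm is served by a plugin other than openssl after the plugin list has been trimmed. The following is an added example, not code from this thread or from the strongSwan project; it assumes `swanctl --list-algs` prints unindented `<type>:` headers followed by indented `NAME[plugin]` entries, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed input layout (from `swanctl --list-algs`):
#   encryption:
#     AES_CBC[openssl]

# Reads list-algs output on stdin and prints "type NAME plugin" for every
# entry whose providing plugin is not $1 (default: openssl).
non_matching_algs() {
    awk -v want="${1:-openssl}" '
        # Unindented line ending in ":" starts a new algorithm type.
        /:$/ && !/^[ \t]/ { type = $0; sub(/:$/, "", type); next }
        # Indented entry of the form NAME[plugin].
        NF && $1 ~ /\[.+\]$/ {
            split($1, p, /[][]/)          # p[1] = NAME, p[2] = plugin
            if (p[2] != want) print type, p[1], p[2]
        }
    '
}

# Succeeds only if every listed algorithm comes from the wanted plugin.
only_plugin() {
    [ -z "$(non_matching_algs "$1")" ]
}

# Constructed sample output, not captured from a real system.
sample_output() {
    cat <<'EOF'
encryption:
  AES_CBC[openssl]
  AES_GCM_16[gcm]
integrity:
  HMAC_SHA2_256_128[openssl]
  AES_XCBC_96[xcbc]
dh:
  ECP_256[openssl]
  CURVE_25519[curve25519]
EOF
}

# Demonstration on the constructed sample; on a live system use:
#   swanctl --list-algs | non_matching_algs openssl
sample_output | non_matching_algs openssl
```

Each line printed names an algorithm still provided by another plugin; an empty result means every registered algorithm maps to openssl.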

#4 Updated by Tobias Brunner about 1 month ago

  • Category set to configuration
  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required
