carol::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_256_GCM_SHA384::YES
carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384::YES
dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
moon:: cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
}
}
}
}
+
+libtls {
+ version_max = 1.3
+}
carol::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_256_GCM_SHA384::YES
carol::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES
carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384::YES
dave:: cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES
dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
moon:: cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MSCHAPV2 successful::YES
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
}
}
}
}
+
+libtls {
+ version_max = 1.3
+}
carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
-carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384::YES
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_256_GCM_SHA384::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
dave::cat /var/log/daemon.log::no issuer certificate found for \"C=CH, O=strongSwan Project, CN=moon.strongswan.org\"::YES
dave::cat /var/log/daemon.log::no TLS public key found for server 'C=CH, O=strongSwan Project, CN=moon.strongswan.org'::YES
}
}
}
+
+libtls {
+ version_max = 1.3
+}
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
}
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_128_GCM_SHA256::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
}
charon-systemd {
- load = random nonce md5 sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
+ load = random nonce md5 sha1 sha2 sha3 aes hmac gcm kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256
}
}
charon-systemd {
- load = random nonce md5 sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
+ load = random nonce md5 sha1 sha2 sha3 aes hmac gcm kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
+}
+
+libtls {
+ version_max = 1.3
}
carol::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_256_GCM_SHA384::YES
carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384::YES
dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
moon:: cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
}
}
}
}
+
+libtls {
+ version_max = 1.3
+}
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::YES
dave:: cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256
}
libimcv {
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
multiple_authentication = no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
}
libimcv {
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Denied'::YES
dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256
}
libimcv {
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
}
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256
}
libimcv {
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
}
libimcv {
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::YES
dave:: cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
dave:: cat /var/log/daemon.log::collected ... SW records::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Quarantined::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
carol::cat /var/log/daemon.log::collected ... SW ID records::YES
carol::cat /var/log/daemon.log::strongswan.org__strongSwan.*swidtag::YES
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
syslog {
daemon {
}
}
}
+
+libtls {
+ version_max = 1.3
+}
\ No newline at end of file
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
syslog {
daemon {
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256
}
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac gcm curve25519 kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256
}
libimcv {
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
+ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac gcm curve25519 kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
}
libimcv {
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
}
libtls {
- suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256
}
libimcv {
}
libtls {
- suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
}
libimcv {
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp curve25519 hmac gcm kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256
}
libimcv {
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp curve25519 hmac gcm kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
}
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256
}
libimcv {
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
}
libimcv {
+carol::cat /var/log/daemon.log::negotiated TLS 1.3 using suite TLS_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
integrity_test = yes
}
}
-ilibtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+libtls {
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256
}
libimcv {
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac gcm curve25519 kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown
multiple_authentication=no
integrity_test = yes
}
libtls {
- suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ version_max = 1.3
+ suites = TLS_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
}
projects / thirdparty / strongswan.git / commitdiff
