# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac stroke kernel-netlink socket-default eap-tls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
plugins {
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac stroke kernel-netlink socket-default eap-tls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
plugins {
carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
+carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
+ charondebug="tls 2"
conn %default
ikelifetime=60m
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
+
multiple_authentication=no
}
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
+ charondebug="tls 2"
conn %default
ikelifetime=60m
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
+
multiple_authentication=no
}
+
+libtls {
+ suites = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+}
carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
-carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256::YES
+carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES
moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 256 bit, CN=carol@strongswan.org' with EAP successful::YES
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 random nonce openssl revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown
+ load = curl pem pkcs1 random nonce openssl revocation stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 random nonce openssl revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown
+ load = curl pem pkcs1 random nonce openssl revocation stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
}
libtls {
- key_exchange = ecdhe-ecdsa
- cipher = aes128
- mac = sha256
+ suites = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
}
projects / thirdparty / strongswan.git / commitdiff
