aboutsummaryrefslogtreecommitdiffstats
path: root/testing
diff options
context:
space:
mode:
authorAndreas Steffen <andreas.steffen@strongswan.org>2009-06-07 12:44:02 +0200
committerMartin Willi <martin@strongswan.org>2009-06-09 11:03:34 +0200
commit4ca4efb28f8c3d49eebc62bd21ac5e1e029bb34d (patch)
tree4a5fa39aaa38527002a134eb2207e06049342ab1 /testing
parent53df4793d44b44970558cdb156c90c5984d66818 (diff)
downloadstrongswan-4ca4efb28f8c3d49eebc62bd21ac5e1e029bb34d.tar.bz2
strongswan-4ca4efb28f8c3d49eebc62bd21ac5e1e029bb34d.tar.xz
update strongswan.conf for pluto and scepclient
Diffstat (limited to 'testing')
-rw-r--r--testing/hosts/alice/etc/strongswan.conf8
-rw-r--r--testing/hosts/bob/etc/strongswan.conf8
-rw-r--r--testing/hosts/carol/etc/strongswan.conf8
-rw-r--r--testing/hosts/dave/etc/strongswan.conf8
-rw-r--r--testing/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/hosts/sun/etc/strongswan.conf8
-rw-r--r--testing/hosts/venus/etc/strongswan.conf8
-rw-r--r--testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/alg-serpent/hosts/carol/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/alg-serpent/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/alg-twofish/hosts/carol/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/alg-twofish/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf10
-rw-r--r--testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf10
-rw-r--r--testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf10
-rw-r--r--testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf2
48 files changed, 302 insertions, 38 deletions
diff --git a/testing/hosts/alice/etc/strongswan.conf b/testing/hosts/alice/etc/strongswan.conf
index aedc2a8f6..4e52c6a6b 100644
--- a/testing/hosts/alice/etc/strongswan.conf
+++ b/testing/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/hosts/bob/etc/strongswan.conf b/testing/hosts/bob/etc/strongswan.conf
index aedc2a8f6..4e52c6a6b 100644
--- a/testing/hosts/bob/etc/strongswan.conf
+++ b/testing/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/hosts/carol/etc/strongswan.conf b/testing/hosts/carol/etc/strongswan.conf
index aedc2a8f6..4e52c6a6b 100644
--- a/testing/hosts/carol/etc/strongswan.conf
+++ b/testing/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/hosts/dave/etc/strongswan.conf b/testing/hosts/dave/etc/strongswan.conf
index aedc2a8f6..4e52c6a6b 100644
--- a/testing/hosts/dave/etc/strongswan.conf
+++ b/testing/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/hosts/moon/etc/strongswan.conf b/testing/hosts/moon/etc/strongswan.conf
index aedc2a8f6..4e52c6a6b 100644
--- a/testing/hosts/moon/etc/strongswan.conf
+++ b/testing/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/hosts/sun/etc/strongswan.conf b/testing/hosts/sun/etc/strongswan.conf
index aedc2a8f6..4e52c6a6b 100644
--- a/testing/hosts/sun/etc/strongswan.conf
+++ b/testing/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/hosts/venus/etc/strongswan.conf b/testing/hosts/venus/etc/strongswan.conf
index aedc2a8f6..4e52c6a6b 100644
--- a/testing/hosts/venus/etc/strongswan.conf
+++ b/testing/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
index bdb0f2a88..8dcb265b7 100644
--- a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink
}
pluto {
- load = curl aes des sha1 sha2 md5 gmp random hmac
+ load = curl aes des sha1 sha2 md5 gmp random pubkey hmac
}
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
index bdb0f2a88..8dcb265b7 100644
--- a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink
}
pluto {
- load = curl aes des sha1 sha2 md5 gmp random hmac
+ load = curl aes des sha1 sha2 md5 gmp random pubkey hmac
}
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
index d936ea36e..f5401f260 100644
--- a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des blowfish hmac gmp random curl
+ load = sha1 sha2 md5 aes des blowfish hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
index d936ea36e..f5401f260 100644
--- a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des blowfish hmac gmp random curl
+ load = sha1 sha2 md5 aes des blowfish hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/alg-serpent/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
index f68de87f6..952664687 100644
--- a/testing/tests/ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des serpent hmac gmp random curl
+ load = sha1 sha2 md5 aes des serpent hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/alg-serpent/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
index f68de87f6..952664687 100644
--- a/testing/tests/ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des serpent hmac gmp random curl
+ load = sha1 sha2 md5 aes des serpent hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/alg-twofish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
index a8fdf787e..57bf3cc74 100644
--- a/testing/tests/ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des twofish hmac gmp random curl
+ load = sha1 sha2 md5 aes des twofish hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/alg-twofish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
index a8fdf787e..57bf3cc74 100644
--- a/testing/tests/ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des twofish hmac gmp random curl
+ load = sha1 sha2 md5 aes des twofish hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf
index 7ec52c7f3..343221385 100644
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,13 @@
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
}
openac {
load = sha1 sha2 md5 gmp random x509 pubkey
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf
index c4edaf932..b15cf2d3f 100644
--- a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl ldap
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf
index c4edaf932..b15cf2d3f 100644
--- a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl ldap
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf
index 1e209ce83..52fd0c788 100644
--- a/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf
@@ -1,9 +1,15 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
}
scepclient {
- load = sha1 sha2 md5 aes des hmac random
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf
index 1e209ce83..52fd0c788 100644
--- a/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,15 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
}
scepclient {
- load = sha1 sha2 md5 aes des hmac random
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
index 4dd8fe800..3e950c81d 100644
--- a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
dns1 = PH_IP_WINNETOU
dns2 = PH_IP6_VENUS
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
index c4edaf932..b15cf2d3f 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl ldap
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
index c4edaf932..b15cf2d3f 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl ldap
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
index c4edaf932..b15cf2d3f 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl ldap
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf
index 1e209ce83..52fd0c788 100644
--- a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf
@@ -1,9 +1,15 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
}
scepclient {
- load = sha1 sha2 md5 aes des hmac random
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf
index 1e209ce83..52fd0c788 100644
--- a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,15 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
}
scepclient {
- load = sha1 sha2 md5 aes des hmac random
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf
index 1e209ce83..52fd0c788 100644
--- a/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf
@@ -1,9 +1,15 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
}
scepclient {
- load = sha1 sha2 md5 aes des hmac random
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf
index 1e209ce83..52fd0c788 100644
--- a/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,15 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random curl
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
}
scepclient {
- load = sha1 sha2 md5 aes des hmac random
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
index 545af358c..85e5f1aee 100644
--- a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
pluto {
load = sha1 sha2 md5 aes des hmac gmp random
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
index 1289b130c..6cb8c1369 100644
--- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ charon {
}
scepclient {
- load = sha1 sha2 md5 aes des hmac random
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
}
diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
index 1289b130c..6cb8c1369 100644
--- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ charon {
}
scepclient {
- load = sha1 sha2 md5 aes des hmac random
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-25 23:01:01 +0000