Test TLS AEAD cipher suites
parent
37ef086ea7
commit
96e3142c39
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac stroke kernel-netlink socket-default eap-tls updown
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac gcm stroke kernel-netlink socket-default eap-tls updown
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac stroke kernel-netlink socket-default eap-tls updown
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac gcm stroke kernel-netlink socket-default eap-tls updown
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
|
||||
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
|
||||
carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256::YES
|
||||
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
|
||||
moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
|
||||
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
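Review bot: The added `negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256` check reads only carol's log, so the test confirms the AEAD suite from the client side alone. Both ipsec.conf hunks further down show `charondebug="tls 2"`, presumably one per host, so a matching server-side line would pin both ends: `moon:: cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256::YES`. This assumes moon logs the same message, which the page does not show. The later test hunk that switches the ECDHE-ECDSA check from CBC to GCM has the same carol-only pattern.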
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
charondebug="tls 2"
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
|
||||
|
||||
multiple_authentication=no
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
charondebug="tls 2"
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
|
@ -1,6 +1,11 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
|
||||
|
||||
multiple_authentication=no
|
||||
}
|
||||
|
||||
libtls {
|
||||
suites = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
}
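Review bot: The `suites` list in the `libtls` block names two suites, but the test hunk earlier on the page asserts only `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256`, so `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` is configured without ever being exercised. The preceding strongswan.conf hunk adds `gcm` but shows no `libtls` block, so the negotiated suite appears to depend on the order of this list. A comment above the line would record that, e.g. `# AEAD suites only; the test expects the first entry to be negotiated`. The ECDHE-ECDSA `suites` line in the last hunk on the page has the same shape.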
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
|
||||
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
|
||||
carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
|
||||
carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256::YES
|
||||
carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256::YES
|
||||
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
|
||||
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES
|
||||
moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 256 bit, CN=carol@strongswan.org' with EAP successful::YES
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl pem pkcs1 random nonce openssl revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown
|
||||
load = curl pem pkcs1 random nonce openssl revocation stroke kernel-netlink socket-default eap-tls updown
|
||||
multiple_authentication=no
|
||||
}
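Review bot: The shorter `load` line (apparently the new side; the +/- markers are lost on this page) no longer lists `hmac` or `xcbc`, and the two removals are not equivalent. The `openssl` plugin can stand in for HMAC, but to my knowledge it does not supply AES-XCBC, so any IKE or ESP proposal in this scenario that names an XCBC PRF or integrity algorithm would stop negotiating. The proposals are not visible here, so this needs checking against the scenario's ipsec.conf. A line such as `# HMAC and GCM come from the openssl plugin; no proposal here uses XCBC` above `load` would record the assumption once confirmed. The next strongswan.conf hunk makes the same change.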
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl pem pkcs1 random nonce openssl revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown
|
||||
load = curl pem pkcs1 random nonce openssl revocation stroke kernel-netlink socket-default eap-tls updown
|
||||
multiple_authentication=no
|
||||
}
|
||||
|
||||
libtls {
|
||||
key_exchange = ecdhe-ecdsa
|
||||
cipher = aes128
|
||||
mac = sha256
|
||||
suites = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
}
|
||||
|
||||
|
|