# /etc/strongswan.conf - strongSwan configuration file

charon {
  load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
  multiple_authentication=no
  plugins {
    eap-ttls {
      phase2_method = md5
      phase2_piggyback = yes
      phase2_tnc = yes
    }
    eap-tnc {
      protocol = tnccs-2.0
    }
  }
}

libimcv {
  database = sqlite:///etc/pts/config.db
  policy_script = ipsec imv_policy_manager
  plugins {
    imv-attestation {
      hash_algorithm = sha1
      dh_group = modp2048
      mandatory_dh_groups = no
    }
  }
}

attest {
  load = random nonce openssl sqlite
  database = sqlite:///etc/pts/config.db
}