update strongswan.conf for pluto and scepclient

diff --git a/testing/hosts/alice/etc/strongswan.conf b/testing/hosts/alice/etc/strongswan.conf
index aedc2a8..4e52c6a 100644 (file)
--- a/testing/hosts/alice/etc/strongswan.conf
+++ b/testing/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/hosts/bob/etc/strongswan.conf b/testing/hosts/bob/etc/strongswan.conf
index aedc2a8..4e52c6a 100644 (file)
--- a/testing/hosts/bob/etc/strongswan.conf
+++ b/testing/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/hosts/carol/etc/strongswan.conf b/testing/hosts/carol/etc/strongswan.conf
index aedc2a8..4e52c6a 100644 (file)
--- a/testing/hosts/carol/etc/strongswan.conf
+++ b/testing/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/hosts/dave/etc/strongswan.conf b/testing/hosts/dave/etc/strongswan.conf
index aedc2a8..4e52c6a 100644 (file)
--- a/testing/hosts/dave/etc/strongswan.conf
+++ b/testing/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/hosts/moon/etc/strongswan.conf b/testing/hosts/moon/etc/strongswan.conf
index aedc2a8..4e52c6a 100644 (file)
--- a/testing/hosts/moon/etc/strongswan.conf
+++ b/testing/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/hosts/sun/etc/strongswan.conf b/testing/hosts/sun/etc/strongswan.conf
index aedc2a8..4e52c6a 100644 (file)
--- a/testing/hosts/sun/etc/strongswan.conf
+++ b/testing/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/hosts/venus/etc/strongswan.conf b/testing/hosts/venus/etc/strongswan.conf
index aedc2a8..4e52c6a 100644 (file)
--- a/testing/hosts/venus/etc/strongswan.conf
+++ b/testing/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
index bdb0f2a..8dcb265 100644 (file)
--- a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink
 }
 
 pluto {
-  load = curl aes des sha1 sha2 md5 gmp random hmac
+  load = curl aes des sha1 sha2 md5 gmp random pubkey hmac
 }

diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
index bdb0f2a..8dcb265 100644 (file)
--- a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink
 }
 
 pluto {
-  load = curl aes des sha1 sha2 md5 gmp random hmac
+  load = curl aes des sha1 sha2 md5 gmp random pubkey hmac
 }

diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
index d936ea3..f5401f2 100644 (file)
--- a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des blowfish hmac gmp random curl
+  load = sha1 sha2 md5 aes des blowfish hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
index d936ea3..f5401f2 100644 (file)
--- a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des blowfish hmac gmp random curl
+  load = sha1 sha2 md5 aes des blowfish hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/alg-serpent/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
index f68de87..9526646 100644 (file)
--- a/testing/tests/ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des serpent hmac gmp random curl
+  load = sha1 sha2 md5 aes des serpent hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/alg-serpent/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
index f68de87..9526646 100644 (file)
--- a/testing/tests/ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des serpent hmac gmp random curl
+  load = sha1 sha2 md5 aes des serpent hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/alg-twofish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
index a8fdf78..57bf3cc 100644 (file)
--- a/testing/tests/ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des twofish hmac gmp random curl
+  load = sha1 sha2 md5 aes des twofish hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/alg-twofish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
index a8fdf78..57bf3cc 100644 (file)
--- a/testing/tests/ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des twofish hmac gmp random curl
+  load = sha1 sha2 md5 aes des twofish hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf
index 7ec52c7..3432213 100644 (file)
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,13 @@
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
 }
 
 openac {
   load = sha1 sha2 md5 gmp random x509 pubkey
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf
index c4edaf9..b15cf2d 100644 (file)
--- a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl ldap
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf
index c4edaf9..b15cf2d 100644 (file)
--- a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl ldap
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf
index 1e209ce..52fd0c7 100644 (file)
--- a/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf
@@ -1,9 +1,15 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
 }
 
 scepclient {
-  load = sha1 sha2 md5 aes des hmac random
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf
index 1e209ce..52fd0c7 100644 (file)
--- a/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,15 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
 }
 
 scepclient {
-  load = sha1 sha2 md5 aes des hmac random
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
index 4dd8fe8..3e950c8 100644 (file)
--- a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,13 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
   dns1 = PH_IP_WINNETOU
   dns2 = PH_IP6_VENUS
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
index c4edaf9..b15cf2d 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl ldap
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
index c4edaf9..b15cf2d 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl ldap
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
index c4edaf9..b15cf2d 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl ldap
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf
index 1e209ce..52fd0c7 100644 (file)
--- a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf
@@ -1,9 +1,15 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
 }
 
 scepclient {
-  load = sha1 sha2 md5 aes des hmac random
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf
index 1e209ce..52fd0c7 100644 (file)
--- a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,15 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
 }
 
 scepclient {
-  load = sha1 sha2 md5 aes des hmac random
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf
index 1e209ce..52fd0c7 100644 (file)
--- a/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf
@@ -1,9 +1,15 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
 }
 
 scepclient {
-  load = sha1 sha2 md5 aes des hmac random
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf
index 1e209ce..52fd0c7 100644 (file)
--- a/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,15 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random curl
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
 }
 
 scepclient {
-  load = sha1 sha2 md5 aes des hmac random
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }

diff --git a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
index 545af35..85e5f1a 100644 (file)
--- a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
@@ -3,3 +3,9 @@
 pluto {
   load = sha1 sha2 md5 aes des hmac gmp random
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
index 1289b13..6cb8c13 100644 (file)
--- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ charon {
 }
 
 scepclient {
-  load = sha1 sha2 md5 aes des hmac random
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random
 }

diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
index 1289b13..6cb8c13 100644 (file)
--- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ charon {
 }
 
 scepclient {
-  load = sha1 sha2 md5 aes des hmac random
+  load = sha1 sha2 md5 aes des hmac gmp pubkey random
 }