openssl crl -in crl.pem -outform der -out strongswan_rfc3779.crl
cp strongswan_rfc3779.crl ${ROOT}
cd /etc/openssl/bliss
-pki --signcrl --cacert strongswan_blissCert.der --cakey strongswan_blissKey.der --lifetime 30 --digest sha512 > strongswan_bliss.crl
+pki --signcrl --cacert strongswan_blissCert.der --cakey strongswan_blissKey.der --lifetime 30 --digest sha3_512 > strongswan_bliss.crl
cp strongswan_bliss.crl ${ROOT}
--enable-ntru \
--enable-lookip \
--enable-swanctl \
- --enable-bliss
+ --enable-bliss \
+ --enable-sha3
export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
+ strictcrlpolicy=yes
conn %default
ikelifetime=60m
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
+ strictcrlpolicy=yes
conn %default
ikelifetime=60m
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
+ strictcrlpolicy=yes
conn %default
ikelifetime=60m
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}