From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail.kamstrup.com ([93.167.225.188]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1XzPDr-0001fB-Hz for ptxdist@pengutronix.de; Fri, 12 Dec 2014 13:21:28 +0100 From: Bruno Thomsen Date: Fri, 12 Dec 2014 13:21:04 +0100 Message-ID: <1418386864-13667-2-git-send-email-bth@kamstrup.dk> In-Reply-To: <1418386864-13667-1-git-send-email-bth@kamstrup.dk> References: <1418386864-13667-1-git-send-email-bth@kamstrup.dk> MIME-Version: 1.0 Subject: [ptxdist] [PATCH 2/2] strongswan: aes-gcm support enabled Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de Cc: bth@kamstrup.dk Enabled support for AES-GCM (Galois/Counter Mode) which is an Authenticated Encryption with Associated Data (AEAD) cipher. This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken. -- Adam Langley Source: https://www.imperialviolet.org/2014/12/08/poodleagain.html Signed-off-by: Bruno Thomsen --- rules/strongswan.make | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/strongswan.make b/rules/strongswan.make index df4f9c8..dad1e10 100644 --- a/rules/strongswan.make +++ b/rules/strongswan.make @@ -156,7 +156,7 @@ STRONGSWAN_CONF_OPT := \ --disable-pkcs11 \ --disable-ctr \ --disable-ccm \ - --disable-gcm \ + --enable-gcm \ --disable-addrblock \ --enable-acert \ --disable-unity \ @@ -202,6 +202,7 @@ STRONGSWAN_PLUGINS := \ libstrongswan-des.so \ libstrongswan-dnskey.so \ libstrongswan-fips-prf.so \ + libstrongswan-gcm.so \ libstrongswan-gmp.so \ libstrongswan-hmac.so \ libstrongswan-kernel-netlink.so \ -- 1.9.1 -- ptxdist mailing list ptxdist@pengutronix.de