summaryrefslogtreecommitdiff
path: root/conf/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'conf/plugins')
-rw-r--r--conf/plugins/eap-radius.conf4
-rw-r--r--conf/plugins/eap-radius.opt4
-rw-r--r--conf/plugins/imc-attestation.conf3
-rw-r--r--conf/plugins/imc-attestation.opt5
-rw-r--r--conf/plugins/imv-attestation.conf3
-rw-r--r--conf/plugins/imv-attestation.opt3
6 files changed, 21 insertions, 1 deletions
diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
index 53023b81e..64db67456 100644
--- a/conf/plugins/eap-radius.conf
+++ b/conf/plugins/eap-radius.conf
@@ -3,6 +3,10 @@ eap-radius {
# Send RADIUS accounting information to RADIUS servers.
# accounting = no
+ # Close the IKE_SA if there is a timeout during interim RADIUS accounting
+ # updates.
+ # accounting_close_on_timeout = yes
+
# If enabled, accounting is disabled unless an IKE_SA has at least one
# virtual IP.
# accounting_requires_vip = no
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index 0edd3458c..0df6a0d6f 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -1,6 +1,10 @@
charon.plugins.eap-radius.accounting = no
Send RADIUS accounting information to RADIUS servers.
+charon.plugins.eap-radius.accounting_close_on_timeout = yes
+ Close the IKE_SA if there is a timeout during interim RADIUS accounting
+ updates.
+
charon.plugins.eap-radius.accounting_requires_vip = no
If enabled, accounting is disabled unless an IKE_SA has at least one
virtual IP.
diff --git a/conf/plugins/imc-attestation.conf b/conf/plugins/imc-attestation.conf
index ffb1b45a3..2d8deaa8e 100644
--- a/conf/plugins/imc-attestation.conf
+++ b/conf/plugins/imc-attestation.conf
@@ -13,6 +13,9 @@ imc-attestation {
# priority of this plugin.
load = yes
+ # Enforce mandatory Diffie-Hellman groups.
+ # mandatory_dh_groups = yes
+
# DH nonce length.
# nonce_len = 20
diff --git a/conf/plugins/imc-attestation.opt b/conf/plugins/imc-attestation.opt
index 9c108053b..aaac4c2c1 100644
--- a/conf/plugins/imc-attestation.opt
+++ b/conf/plugins/imc-attestation.opt
@@ -7,6 +7,9 @@ charon.plugins.imc-attestation.aik_cert =
charon.plugins.imc-attestation.aik_key =
AIK public key file.
+charon.plugins.imc-attestation.mandatory_dh_groups = yes
+ Enforce mandatory Diffie-Hellman groups.
+
charon.plugins.imc-attestation.nonce_len = 20
DH nonce length.
@@ -14,4 +17,4 @@ charon.plugins.imc-attestation.use_quote2 = yes
Use Quote2 AIK signature instead of Quote signature.
charon.plugins.imc-attestation.pcr_info = yes
- Whether to send pcr_before and pcr_after info. \ No newline at end of file
+ Whether to send pcr_before and pcr_after info.
diff --git a/conf/plugins/imv-attestation.conf b/conf/plugins/imv-attestation.conf
index 48ffba839..3a1a7f225 100644
--- a/conf/plugins/imv-attestation.conf
+++ b/conf/plugins/imv-attestation.conf
@@ -35,6 +35,9 @@ imv-attestation {
# priority of this plugin.
load = yes
+ # Enforce mandatory Diffie-Hellman groups.
+ # mandatory_dh_groups = yes
+
# DH minimum nonce length.
# min_nonce_len = 0
diff --git a/conf/plugins/imv-attestation.opt b/conf/plugins/imv-attestation.opt
index c0ae20488..f266281e6 100644
--- a/conf/plugins/imv-attestation.opt
+++ b/conf/plugins/imv-attestation.opt
@@ -1,6 +1,9 @@
charon.plugins.imv-attestation.cadir =
Path to directory with AIK cacerts.
+charon.plugins.imv-attestation.mandatory_dh_groups = yes
+ Enforce mandatory Diffie-Hellman groups.
+
charon.plugins.imv-attestation.dh_group = ecp256
Preferred Diffie-Hellman group.
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-15 20:24:02 +0000