[Openswan Users] openswan and DoD PKI specification

Paul Wouters paul at xelerance.com
Fri Mar 18 21:51:27 EDT 2011

On Fri, 18 Mar 2011, Chen, Xuli (James) wrote:

> Date: Fri, 18 Mar 2011 14:52:10 -0400
> From: "Chen, Xuli (James)" <chenja at avaya.com>
> To: "users at openswan.org" <users at openswan.org>
> Subject: [Openswan Users] openswan and DoD PKI specification
> Hi All,
> Anyone knows if the DoD PKI specification was being followed when the openswan was deployed or upgraded?

The IETF RFCs specifications are used. We have no idea what the relationship with
DoD is. For instance Openswan supports md5 and DoD might say it may not use md5.
Red Hat builds a FIPS 140-2 version of openswan, that disables some ciphers for
this reason, and uses NSS to encrypt all the private keys inside an nssdb database.


More information about the Users mailing list