#
# When fips is enabled (fips=1 kernel parameter), only certified openssl
# and kernel crypto API (af-alg) algorithms are supported.
#
# The strongswan-hmac package is supposed to be used/installed when fips
# is enabled and provides the hmac hashes, a "ipsec _fipscheck" script
# verifying the components and this blacklist disabling other plugins
# providing further and/or alternative algorithm implementations.
#
gcrypt {
    load = no
}
blowfish {
    load = no
}
random {
    load = no
}
des {
    load = no
}
aes {
    load = no
}
rc2 {
    load = no
}
ctr {
    load = no
}
cmac {
    load = no
}
xcbc {
    load = no
}
md4 {
    load = no
}
md5 {
    load = no
}
sha1 {
    load = no
}
sha2 {
    load = no
}
ccm {
    load = no
}