<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Thanks. Looks like you are correct. I'm using CentOS 5.5, and no elliptic curve algorthms are listed in<br>the "openssl list-*" commands. So apprently elliptic curve is disabled .<br><br>Regards,<br><br>Mike<br><br>> Date: Thu, 21 Oct 2010 23:02:58 +0200<br>> From: andreas.steffen@strongswan.org<br>> To: sneedmike@hotmail.com<br>> CC: users@lists.strongswan.org<br>> Subject: Re: [strongSwan] (no subject)<br>> <br>> Yeah, this is strange indeed. Have Elliptic Curves been enabled in<br>> libcrypto.so-0.9.8e ? We know of some Linux distributions where this<br>> hasn't been the case.<br>> <br>> Regards<br>> <br>> Andreas<br>> <br>> On 21.10.2010 20:24, Michael Sneed wrote:<br>> > Hi,<br>> > <br>> > I am having problems getting StrongSwan to use ECP algorithms. I built<br>> > with:<br>> > <br>> > ./configure --prefix /usr --sysconfdir=/etc --libexecdir=/usr/libexec<br>> > --enable-openssl<br>> > <br>> > But when I try to bring up a connection specifying:<br>> > <br>> > ike=aes128-sha256-ecp256!<br>> > esp=aes128gcm16!<br>> > <br>> > I get:<br>> > <br>> > 002 "suiteB" #1: initiating Main Mode<br>> > 002 "suiteB" #1: ike alg: dh group ECP_256 not present<br>> > 003 "suiteB" #1: empty ISAKMP SA proposal to send (no algorithms for ike<br>> > selection?)<br>> > <br>> > The openssl plugin appears to be loaded, as "ipsec statusall" shows:<br>> > <br>> > 000 loaded plugins: aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp<br>> > dnskey pem openssl hmac gmp xauth attr resolve<br>> > <br>> > But the algorithms don't show up in "ipsec listalgs":<br>> > <br>> > 000 encryption: BLOWFISH_CBC 3DES_CBC AES_CBC CAMELLIA_CBC<br>> > 000 integrity: HMAC_MD5 HMAC_SHA1 HMAC_SHA2_256 HMAC_SHA2_384<br>> > HMAC_SHA2_512<br>> > 000 dh-group: MODP_1024 MODP_1536 MODP_2048 MODP_3072 MODP_4096<br>> > MODP_6144 MODP_8192 MODP_1024_160 MODP_2048_224 MODP_2048_256<br>> > <br>> > My kernel is 2.6.18 and I am using libcrypto.so.0.9.8e .<br>> > <br>> > What am I doing wrong?<br>> > <br>> > Regards,<br>> > <br>> > Mike<br>> <br>> ======================================================================<br>> Andreas Steffen andreas.steffen@strongswan.org<br>> strongSwan - the Linux VPN Solution! www.strongswan.org<br>> Institute for Internet Technologies and Applications<br>> University of Applied Sciences Rapperswil<br>> CH-8640 Rapperswil (Switzerland)<br>> ===========================================================[ITA-HSR]==<br> </body>
</html>