[strongSwan] SQL and IKE/ESP
David Spracklen
david_spracklen at yahoo.com
Fri Jul 30 17:09:22 CEST 2010
Thanks very much, Martin. I guess I had two problems, but this did correctly
address the ECP_256 issue. (the other is also resolved now too) I -thought- that
I'd disabled those plugin registrations, but I had not done so as you pointed
out.
Thanks again for the response.
Dave
________________________________
From: Martin Willi <martin at strongswan.org>
To: David Spracklen <david_spracklen at yahoo.com>
Cc: users at lists.strongswan.org
Sent: Wed, July 28, 2010 2:43:49 AM
Subject: Re: [strongSwan] SQL and IKE/ESP
Hi Dave,
> I am trying to use SQL with ECDSA. The log showed my cert was read in
> correctly, but there was a mention that ECP_256 was not supported.
ECDSA is usually independent of ECDH, I don't think this is related to
your certificate.
> The DH implementation we're using doesn't support this
The default proposals are constructed using the registered algorithms
[1]. In contrast to a ipsec.conf based configuration, no additional
algorithms [2] are attached.
If your plugin does not support ECP_256, you should not register that
algorithm. The OpenSSL plugin does plugin registration at [3].
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/config/proposal.c;h=e8639302896e1b0635014e49500b319b1fe966f4;hb=HEAD#l766
[2]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/starter/confread.c;h=399e17844d60b763811e08bb783628508620cf8d;hb=HEAD#l35
[3]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/openssl/openssl_plugin.c;h=31697dcb893d5e668a9b1df552cf44321edd2cd1;hb=HEAD#l290
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100730/ec4d63e2/attachment.html>
More information about the Users
mailing list