[strongSwan] (no subject)

Michael Sneed sneedmike at hotmail.com
Fri Oct 22 16:12:31 CEST 2010


Thanks.  Looks like you are correct.  I'm using CentOS 5.5, and no elliptic curve algorthms are listed in
the "openssl list-*" commands.  So apprently elliptic curve is disabled .

Regards,

Mike

> Date: Thu, 21 Oct 2010 23:02:58 +0200
> From: andreas.steffen at strongswan.org
> To: sneedmike at hotmail.com
> CC: users at lists.strongswan.org
> Subject: Re: [strongSwan] (no subject)
> 
> Yeah, this is strange indeed. Have Elliptic Curves been enabled in
> libcrypto.so-0.9.8e ? We know of some Linux distributions where this
> hasn't been the case.
> 
> Regards
> 
> Andreas
> 
> On 21.10.2010 20:24, Michael Sneed wrote:
> > Hi,
> > 
> > I am having problems getting StrongSwan to use ECP algorithms.  I built
> > with:
> > 
> > ./configure --prefix /usr --sysconfdir=/etc --libexecdir=/usr/libexec
> > --enable-openssl
> > 
> > But when I try to bring up a connection specifying:
> > 
> > ike=aes128-sha256-ecp256!
> > esp=aes128gcm16!
> > 
> > I get:
> > 
> > 002 "suiteB" #1: initiating Main Mode
> > 002 "suiteB" #1: ike alg: dh group ECP_256 not present
> > 003 "suiteB" #1: empty ISAKMP SA proposal to send (no algorithms for ike
> > selection?)
> > 
> > The openssl plugin appears to be loaded, as  "ipsec statusall" shows:
> > 
> > 000 loaded plugins: aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp
> > dnskey pem openssl hmac gmp xauth attr resolve
> > 
> > But the algorithms don't show up in "ipsec listalgs":
> > 
> > 000   encryption: BLOWFISH_CBC 3DES_CBC AES_CBC CAMELLIA_CBC
> > 000   integrity:  HMAC_MD5 HMAC_SHA1 HMAC_SHA2_256 HMAC_SHA2_384
> > HMAC_SHA2_512
> > 000   dh-group:   MODP_1024 MODP_1536 MODP_2048 MODP_3072 MODP_4096
> > MODP_6144 MODP_8192 MODP_1024_160 MODP_2048_224 MODP_2048_256
> > 
> > My  kernel is 2.6.18 and I am using libcrypto.so.0.9.8e .
> > 
> > What am I doing wrong?
> > 
> > Regards,
> > 
> > Mike
> 
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101022/68687cd0/attachment.html>


More information about the Users mailing list