[strongSwan] fatal TLS alert 'handshake failure'
Terry Hennessy
trense at us.ibm.com
Thu May 5 02:08:07 CEST 2011
Hello,
I'm trying to set up the TNC Client and Server configuration using EAP-TLS
certificate based authentication. The main difference between my config
and the one found in
http://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect
is that I'm using ECDSA certificates instead of RSA certificates. When I
start up the client I get a handshake failure. And I see the following in
charon.log:
May 4 15:47:31 04[TLS] processing TLS Handshake record (81 bytes)
May 4 15:47:31 04[TLS] received TLS ClientHello handshake (77 bytes)
May 4 15:47:31 04[TLS] received TLS 'signature algorithms' extension
May 4 15:47:31 04[TLS] received 10 TLS cipher suites:
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
May 4 15:47:31 04[TLS] received cipher suites inacceptable
May 4 15:47:31 04[TLS] sending fatal TLS alert 'handshake failure'
May 4 15:47:31 04[TLS] sending TLS Alert record (2 bytes)
Is there some client config parm that can set the cipher suite? If not, is
ECDSA not supported for TNC?
ps. Andreas Steffan, thank you for your response to my post a few weeks
ago. That solved the problem.
Terry Hennessy
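
Added example, not part of the original post and not strongSwan code: a small triage script that reads the charon.log excerpt above, extracts the cipher suites the client offered, and checks whether any of them can authenticate a server holding an ECDSA certificate. It assumes the server only accepts suites whose authentication algorithm (the last token before `_WITH_`) matches its certificate key type; the function names are hypothetical.

```python
import re

# Log excerpt copied from the post above (server-side charon.log).
CHARON_LOG = """\
May 4 15:47:31 04[TLS] received TLS ClientHello handshake (77 bytes)
May 4 15:47:31 04[TLS] received 10 TLS cipher suites:
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
May 4 15:47:31 04[TLS] received cipher suites inacceptable
May 4 15:47:31 04[TLS] sending fatal TLS alert 'handshake failure'
"""

# A suite line is "[TLS] " followed only by the suite name.
SUITE_RE = re.compile(r"\[TLS\]\s+(TLS_[A-Z0-9_]+)\s*$", re.MULTILINE)

def offered_suites(log_text):
    """Return the cipher suite names listed after the ClientHello."""
    return SUITE_RE.findall(log_text)

def auth_algorithm(suite):
    """Authentication token of a suite name, e.g. DHE_RSA -> RSA.
    Simplification: covers RSA/ECDSA/DSS style names, not PSK hybrids."""
    key_exchange = suite[len("TLS_"):].split("_WITH_")[0]
    return key_exchange.split("_")[-1]

def usable_with(suites, server_key_type):
    """Suites whose authentication algorithm matches the server key type."""
    return [s for s in suites if auth_algorithm(s) == server_key_type]

def diagnose(log_text, server_key_type):
    """Summarise why the server rejected the ClientHello, if it did."""
    suites = offered_suites(log_text)
    return {
        "offered": len(suites),
        "auth_offered": sorted({auth_algorithm(s) for s in suites}),
        "usable": usable_with(suites, server_key_type),
        "rejected": "received cipher suites inacceptable" in log_text,
    }

if __name__ == "__main__":
    print(diagnose(CHARON_LOG, "ECDSA"))
```

For the log in this post, every offered suite authenticates with RSA, so none is usable with an ECDSA server key, which is consistent with the 'handshake failure' alert.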