, HsuenJu
Cc: users@lists.strongswan.org
Subject: Re: [strongSwan] failure with ike using sha2
> Please let me know if there is a fix for openssl since changing the
> load order of plugin is not recommended.
If you are using OpenSSL 1.0.2a, you might try the strongSwan fix provided
> Please let me know if there is a fix for openssl since changing the
> load order of plugin is not recommended.
If you are using OpenSSL 1.0.2a, you might try the strongSwan fix
provided at [1].
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=openssl-hmac
___
E[random]
nonce-gen: [nonce]
-Original Message-
From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
Sent: Friday, March 27, 2015 5:01 PM
To: Ko, HsuenJu; users@lists.strongswan.org
Subject: Re: [strongSwan] failure with ike using sha2
Hi Bettina,
are you sure that you loaded th
Hi Luka,
> I have just found out, that recent openssl 1.0.2 commit
> 929b0d70c19f60227f89fac63f22a21f21950823
> breaks hmac when using openssl plugin for hmac functions
This commit prevents the pre-initialization with an empty key we use to
avoid any non-initialized use of HMAC_Update(). Most li
Hi,
I have just found out, that recent openssl 1.0.2 commit
929b0d70c19f60227f89fac63f22a21f21950823
breaks hmac when using openssl plugin for hmac functions (well, at least
strongswan hmac & prf sha256 self
tests fail). If I remove the lines (in openssl crypto/hmac/hmac.c)
110 if(!ctx->key
Hi Bettina,
are you sure that you loaded the sha2 plugin because the HMAC-SHA2
algorithms for the prf_plus seem to fail. ipsec statusall should list
the sha2 plugin.
Regards
Andreas
On 03/27/2015 04:05 PM, Ko, HsuenJu wrote:
> Hi ,
>
> I got error of “key derivation failed” when I configured i
Hi Noel,
Thank you for the help. I will give it a try.
Bettina
-Original Message-
From: Noel Kuntze [mailto:n...@familie-kuntze.de]
Sent: Friday, March 27, 2015 12:36 PM
To: Ko, HsuenJu; users@lists.strongswan.org
Subject: Re: [strongSwan] failure with ike using sha2
-BEGIN PGP
es=8
> rightauth=pubkey
>
>
> It looks like both openssl and hmac supports that. Should I try load hmac
> first? How do I change that order?
>
> Thanks!
> Bettina
>
> -Original Message-
> From: Noel Kuntze [mailto:n...@familie-kuntze.de]
> Sent: Fri
Subject: Re: [strongSwan] failure with ike using sha2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Bettina,
First, you have to find out what plugin currently provides those algorithms.
Do that by examining the list of loaded plugins in the output of "ipsec
statusall".
On my box
Message-
> From: users-boun...@lists.strongswan.org
> [mailto:users-boun...@lists.strongswan.org] On Behalf Of Noel Kuntze
> Sent: Friday, March 27, 2015 11:12 AM
> To: users@lists.strongswan.org
> Subject: Re: [strongSwan] failure with ike using sha2
>
> Hello,
>
> Tha
: Re: [strongSwan] failure with ike using sha2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
That sounds like the plugin that provides those algorithms is broken.
You can try to work around that by making charon load another plugin, which
provides the PRF algorithms for those signature
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
That sounds like the plugin that provides those algorithms is broken.
You can try to work around that by making charon
load another plugin, which provides the PRF algorithms for those
signature algorithms, before the one you are using right n
Hi ,
I got error of "key derivation failed" when I configured ike using sha2. I
don't have problem with md5 or sha1. And I am using strongswan 5.1.1. Here is
the corresponding log. Can someone tell me what I did wrong or is this a bug?
Thanks!
Bettina
ike=aes128-sha256-modp2048!
Mar 27 10:
13 matches
Mail list logo