Reyk,
I've taken the liberty of patching ca.c, crypto.c, ikev2.h, parse.y,
iked.8 and iked.conf.5. I'm no expert on this, but this seems to work
for me. SAs and Flows are established, it hasn't crashed, and I'm
passing data.
Let me know what you think.
Thanks,
-Jason
diff -u
On 2013/03/13 09:52, Jason Hall wrote:
Reyk,
I've taken the liberty of patching ca.c, crypto.c, ikev2.h, parse.y,
iked.8 and iked.conf.5. I'm no expert on this, but this seems to
work for me. SAs and Flows are established, it hasn't crashed, and
I'm passing data.
Let me know what you
Stu,
I am in the US. While I am no lawyer, I believe the export
resctrictions are on the actual cryptography software, namely OpenSSL,
which is developed in your neck of the woods. As my patch doesn't
provide any actual cryptography, just using existing methods, it should
be ok. But, as I
On Sun, 10 Mar 2013, Jason Hall wrote:
Are there plans to support ECDSA keys? All other recommended
protocols (AES GCM, ECDH) are currently supported.
When attempting to start IKEd (iked -dvv) with ECDSA keys, the error message
is:
ca_key_serialize: unsupported key type 408
fatal: ca:
Hi!
Am 11.03.2013 um 02:04 schrieb Jason Hall cake...@gmail.com:
I recently started using (open)IKEd, and am quite happy with it. Very
easy to configure/use, well documented, and supports many protocols.
Following USA's NSA Suite B security recommendations for which
protocols to use (because