Hello Terry,

did you compile strongSwan with the ./configure --enable-openssl option, since the libstrongswan openssl plugin is required for ECC support as in the following EAP-TLS scenario:

http://www.strongswan.org/uml/testresults/openssl-ikev2/rw-eap-tls-only/

Regards

Andreas

On 05/05/2011 02:08 AM, Terry Hennessy wrote:
> Hello,
>
> I'm trying to set up the TNC Client and Server configuration using
> EAP-TLS certificate based authentication. The main difference between my
> config and the one found in
> http://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect is
> that I'm using ECDSA certificates instead of RSA certificates. When I
> start up the client I get a handshake failure. And I see the following
> in charon.log
>
> May 4 15:47:31 04[TLS] processing TLS Handshake record (81 bytes)
> May 4 15:47:31 04[TLS] received TLS ClientHello handshake (77 bytes)
> May 4 15:47:31 04[TLS] received TLS 'signature algorithms' extension
> May 4 15:47:31 04[TLS] received 10 TLS cipher suites:
> May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
> May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
> May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
> May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
> May 4 15:47:31 04[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
> May 4 15:47:31 04[TLS] received cipher suites inacceptable
> May 4 15:47:31 04[TLS] sending fatal TLS alert 'handshake failure'
> May 4 15:47:31 04[TLS] sending TLS Alert record (2 bytes)
>
> Is there some client config parm that can set the cipher suite? If not,
> is ECDSA not supported for TNC?
>
> ps. Andreas Steffen, thank you for your response to my post a few weeks
> ago. That solved the problem.
>
> Terry Hennessy

======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
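Added example, not part of the original thread and not strongSwan code: a small check that reads the cipher suite list a peer offered from charon.log lines in the format quoted above and reports which suites a server holding a given certificate type could select. The function names are hypothetical, and the authentication type is read from the suite name alone (the token before _WITH_), which is an assumption that holds for pre-TLS-1.3 suite names.

```python
import re

# charon.log lines taken from the excerpt quoted in the message above.
SAMPLE_LOG = """\
May 4 15:47:31 04[TLS] received 10 TLS cipher suites:
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
May 4 15:47:31 04[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
May 4 15:47:31 04[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
May 4 15:47:31 04[TLS] received cipher suites inacceptable
"""

COUNT_RE = re.compile(r"\[TLS\]\s+received (\d+) TLS cipher suites:")
SUITE_RE = re.compile(r"\[TLS\]\s+(TLS_[A-Z0-9_]+)\s*$")

def offered_suites(log_text):
    """Collect the suite names that follow a 'received N TLS cipher suites:' line."""
    suites, remaining = [], 0
    for line in log_text.splitlines():
        count = COUNT_RE.search(line)
        if count:
            remaining = int(count.group(1))
            continue
        name = SUITE_RE.search(line) if remaining else None
        if name:
            suites.append(name.group(1))
            remaining -= 1
        else:
            remaining = 0  # list ended early or another message intervened
    return suites

def auth_algorithm(suite):
    """Server authentication type encoded in a pre-TLS-1.3 suite name, else None."""
    if "_WITH_" not in suite:
        return None
    return suite[len("TLS_"):].split("_WITH_")[0].split("_")[-1]

def suites_for_certificate(log_text, cert_key_type):
    """Offered suites a server holding a cert_key_type certificate could select."""
    return [s for s in offered_suites(log_text) if auth_algorithm(s) == cert_key_type]

if __name__ == "__main__":
    for key_type in ("RSA", "ECDSA"):
        print(key_type, len(suites_for_certificate(SAMPLE_LOG, key_type)))
```

For the quoted log, every offered suite authenticates with RSA and none with ECDSA, so a server that only holds an ECDSA certificate has nothing to select, which matches the 'handshake failure' alert.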
