Hi Martin,
Thanks for your response. I would like to clarify that, I had
cross compiled the strongSwan with openssl plugin against the new OpenSSL
headers. Also I have given the appropriate path (in CFLAGS) to include the
correct opensslconf.h. If I do #ipsec
listalgs | grep MODP, it gives the below output. However doing #ipsec listalgs
| grep ECP does not show anything in console. Thus I think, the issue is
different which I am not yet able to figure out. Kindly let me know the clue if
you have any.
root@:/root> ipsec listalgs | grep MODP
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl] MODP_768[openssl]
MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl]
MODP_8192[openssl] MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl]
MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl]
MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl]
MODP_1024[openssl] MODP_1024_160[openssl]
MODP_768[openssl] MODP_CUSTOM[openssl] MODP_NULL[load-tester]
root@:/root>
Regards,
Chinmaya
On Tuesday, January 28, 2014 2:22 PM, Martin Willi <[email protected]>
wrote:
Hi,
> strongwan complains that configured DH group ECP_224 not supported.
> The #openssl ciphers -v 'ECDH' gives the below output, which
> implies that, openssl has been compiled with ECDH support.
Just switching OpenSSL's libcrypto is not sufficient. You'll have to
build the strongSwan openssl plugin against the new OpenSSL headers.
Specifically, you'll have to make sure you include the correct
opensslconf.h that provides the appropriate OPENSSL_NO_*-defines for
your OpenSSL feature set, see [1].
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/openssl/openssl_plugin.c;hb=HEAD#l265
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
