On Fri, May 13, 2011 at 06:36:34PM +0100, Mike Bell wrote:
> I had originally put
> cipher AES-128-CBC
> in SERVER.OVPN & CLIENT.OVPN, not OPENSSL.CNF files (it's been a long week!)
I am not familiar with your VPN product, so you'll have to figure out
what configuration options are applicable. If the product uses SSL cipher
suites, then a cipher name is almost always a "cipherlist", whose syntax
is described in the ciphers(1) manpage. If on the other hand, as the
protocol in question is not TLS, cipher specification uses a different
syntax, then you need to figure out how to configure a cipher that is
compatible with ECDSA certificates.
Do not confuse a block algorithm e.g. (AES-128-CBC) with a cipher-suite,
which specifies also the authentication and message digest algorithms.
Generally, OpenSSL ciphersuites are defined for TLS. It is not clear
how these translate to your VPN device.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
