ryru / strongswan

strongSwan - IPsec-based VPN
https://www.strongswan.org

Support EDDSA key material #28

Closed ryru closed 3 years ago

ryru commented 3 years ago

Currently only RSA and ECDSA schemes are accepted. EDDSA keys such as ED25519 or ED448 shall also be accepted.

RFC 8446, Section 1:

   -  Authentication: The server side of the channel is always
      authenticated; the client side is optionally authenticated.
      Authentication can happen via asymmetric cryptography (e.g., RSA
      [RSA], the Elliptic Curve Digital Signature Algorithm (ECDSA)
      [ECDSA], or the Edwards-Curve Digital Signature Algorithm (EdDSA)
      [RFC8032]) or a symmetric pre-shared key (PSK).

tobiasbrunner commented 3 years ago

Seems to work fine with TLS 1.3, but with TLS 1.2 there is still the issue with KEY_ECDSA in the cipher suites.
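
The TLS 1.2 side of this, as an added example that is not part of the thread and not strongSwan code: TLS 1.3 cipher suites carry no authentication type, while in TLS 1.2 RFC 8422 lets the ECDHE_ECDSA suites be used with an ECDSA- or EdDSA-capable key, provided the peer offered the matching scheme in signature_algorithms. All type and function names below are hypothetical, and the offered list in `main` is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for this example; not strongSwan's definitions. */
typedef enum { K_RSA, K_ECDSA, K_ED25519, K_ED448 } key_kind_t;
typedef enum { AUTH_RSA, AUTH_ECDSA } suite_auth_t; /* auth part of a TLS 1.2 suite */

/* IANA code points: ed25519 and ed448 in signature_algorithms. */
#define SIG_ED25519 0x0807
#define SIG_ED448   0x0808

/* RFC 8422: ECDHE_ECDSA suites need an ECDSA- or EdDSA-capable key. */
bool key_fits_tls12_suite(suite_auth_t auth, key_kind_t key)
{
    switch (auth) {
    case AUTH_RSA:
        return key == K_RSA;
    case AUTH_ECDSA:
        return key == K_ECDSA || key == K_ED25519 || key == K_ED448;
    }
    return false;
}

/* Scheme to sign with, or 0 if the key is not EdDSA or the peer did not offer it. */
uint16_t eddsa_scheme_for(key_kind_t key, const uint16_t *offered, size_t n)
{
    uint16_t want = key == K_ED25519 ? SIG_ED25519
                  : key == K_ED448   ? SIG_ED448 : 0;
    for (size_t i = 0; want && i < n; i++)
        if (offered[i] == want)
            return want;
    return 0;
}

/* An EdDSA key is usable only if both the suite and the offered schemes allow it. */
bool eddsa_usable_tls12(suite_auth_t auth, key_kind_t key,
                        const uint16_t *offered, size_t n)
{
    return key_fits_tls12_suite(auth, key) && eddsa_scheme_for(key, offered, n) != 0;
}

int main(void)
{
    /* Constructed offer: ecdsa_secp256r1_sha256 and ed25519. */
    const uint16_t offer[] = { 0x0403, SIG_ED25519 };
    printf("Ed25519 on ECDHE_ECDSA: %d\n", eddsa_usable_tls12(AUTH_ECDSA, K_ED25519, offer, 2));
    printf("Ed448 on ECDHE_ECDSA:   %d\n", eddsa_usable_tls12(AUTH_ECDSA, K_ED448, offer, 2));
    return 0;
}
```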