testing: Use TLS 1.2 in RADIUS test cases

This took a while as in the OpenSSL package shipped with Debian and on which our FIPS-enabled package is based, the function SSL_export_keying_material(), which is used by FreeRADIUS to derive the MSK, did not use the correct digest to calculate the result when TLS 1.2 was used. This caused IKE to fail with "verification of AUTH payload with EAP MSK failed". The fix was only backported to jessie recently.
author: Tobias Brunner <tobias@strongswan.org> 2015-11-26 19:06:41 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2016-06-17 15:53:12 +0200
commit: 44e83f76f3de50947a90cc37b2628646a5125353 (patch)
tree: 5a07a8366a9da0ed5eb53ecfaf4f4e38cdbc4224 /testing/tests/ikev2
parent: 545e5291906fdf428622fefe498f2dad6a1c51c3 (diff)
download: strongswan-44e83f76f3de50947a90cc37b2628646a5125353.tar.bz2
strongswan-44e83f76f3de50947a90cc37b2628646a5125353.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
index 4c778a721..50f0389d3 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
@@ -4,3 +4,6 @@ charon {
   load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
   multiple_authentication=no
 }
+libtls {
+  suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+}
author	Tobias Brunner <tobias@strongswan.org>	2015-11-26 19:06:41 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2016-06-17 15:53:12 +0200
commit	44e83f76f3de50947a90cc37b2628646a5125353 (patch)
tree	5a07a8366a9da0ed5eb53ecfaf4f4e38cdbc4224 /testing/tests/ikev2
parent	545e5291906fdf428622fefe498f2dad6a1c51c3 (diff)
download	strongswan-44e83f76f3de50947a90cc37b2628646a5125353.tar.bz2 strongswan-44e83f76f3de50947a90cc37b2628646a5125353.tar.xz