This article provides current design limitation information when ECC (Elliptic Curve Cryptography) device certificate used.
Network Connect (NC) and Windows Secure Application Manager (WSAM) fail if Junos Pulse Secure Access device certificate uses ECC algorithm.
Network Connect and WSAM do not support ECC algorithms such as ECDSA/ECDH cryptographic algorithms, even in IVE OS 7.4 or later.
You can confirm SSLDump and NC/WSAM sends only following cipher suites that is not include ECDSA/ECDH cipher suites.
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013) Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Junos Pulse 4.0R1 and later versions support FIPS140-2 and Suite B cryptographic algorithms. Junos Pulse will work with ECC device certificate.