Algorithm used by FreeRADIUS to choose cipher suite used with EAP-TLS/TTLS

Walter Goulet wgoulet at gmail.com
Fri Feb 16 11:55:40 CET 2007


Alan DeKok wrote:

>Walter Goulet wrote:
>  
>
>>How does FreeRADIUS's rlm_eap module choose the cipher suite used for
>>EAP-TLS/TTLS sessions?
>>    
>>
>
>  It relies on OpenSSL to do the negotiation.
>
>  
>
>>RFC 2246 for TLS states that the client presents the list of
>>ciphersuites supported to the server and the server picks one that it
>>supports.
>>
>>Is there a way to configure FreeRADIUS to only use a specific set of
>>ciphersuites? The goal is that in some cases it may be desirable to
>>restrict incoming clients to use a particular suite.
>>    
>>
>
>  Yes.  See "cipher_list" in eap.conf.  It's documented.
>
>  Alan DeKok.
>--
>  http://deployingradius.com       - The web site of the book
>  http://deployingradius.com/blog/ - The blog
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>  
>
Thanks much Alan; I was looking at my older FreeRADIUS install (1.1.1!) 
which didn't have this described in eap.conf. I see it in the latest 
version.

Walter
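
Added example, not part of the original thread and not FreeRADIUS code: since the negotiation is left to OpenSSL, a candidate `cipher_list` value can be expanded with the local OpenSSL (here through Python's `ssl` module) to see which suites it enables and in what preference order before it goes into eap.conf. The function names, the weak-suite markers and the sample strings are assumptions made for this illustration.

```python
import ssl

# Name fragments that mark suites an EAP server normally should not accept:
# no encryption, export grade, RC4, DES/3DES, MD5 MACs, anonymous (EC)DH.
WEAK_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5", "ADH", "AECDH")


def expand(cipher_list):
    """Suites the local OpenSSL enables for a cipher string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_list)
    except ssl.SSLError:
        return []  # the string selected no suite at all
    # TLS 1.3 suites are configured separately in OpenSSL and show up for any
    # string, so report only what the cipher string itself controls.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def flag_weak(names):
    """Subset of suite names that contain one of WEAK_MARKERS."""
    return [n for n in names if any(m in n for m in WEAK_MARKERS)]


def audit(cipher_list):
    """Return (enabled, weak) for a candidate cipher_list value."""
    enabled = expand(cipher_list)
    return enabled, flag_weak(enabled)


if __name__ == "__main__":
    # Constructed candidate values, not taken from any shipped eap.conf.
    for candidate in ("DEFAULT", "HIGH:!aNULL:!eNULL:!MD5:!3DES", "ALL:eNULL"):
        enabled, weak = audit(candidate)
        print(f"{candidate!r}: {len(enabled)} suites, {len(weak)} weak")
        for name in weak:
            print("   weak:", name)
```

The result reflects the OpenSSL build that Python is linked against, which may differ from the one the RADIUS server uses, so run the check on the server host.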


