EAP-TLS Suggestions on FreeRadius
Max Freeman
mfreem10 at masonlive.gmu.edu
Sat Nov 1 02:41:13 CET 2014
Hi,
I have been working with FreeRadius and reading these threads for some time
now trying to figure out how to properly configure and implement EAP-TLS
using ECDHE-ECDSA ciphers.
So far, I have been unsuccessful with the TLS handshake properly
accepting. I realize that FreeRadius does not work with encryption, but
rather passes it off to OpenSSL to do its "thing."
I am writing because perhaps there is a FreeRadius setting/concept that I
have been foolishly neglecting.
The client (wpa_supplicant) sends FreeRadius a Client Hello over TLS 1.0
(could perhaps cause problems with ECC?) and then FreeRadius rejects it
because of an "SSL3_CLIENT_HELLO: no shared cipher." However, I have
confirmed that the latest version of openssl supports my cipher.
Does the EAP.conf/FR have anything to do with elliptic curves and their
shared cipher besides putting in "ALL" for the cipher and "secptxxx" for
the curve?
I have also confirmed through OpenSSL's s_client/s_server program that
my certificates are set up properly and ONLY succeed with TLS1_2 and not
TLS1.0 or TLS1.1.
Thank you for any assistance! I have been scratching my head with this for
quite some time.
v/r
Max