Poodle and EAP?
Nick Lowe
nick.lowe at gmail.com
Mon Oct 20 17:28:09 CEST 2014
For anybody interested, the configuration of the TlsVersions DWORD in the
registry is more granular than the KB article lets on, as you actually get
control of both the client and server version behaviour; it is not lumped
together.
The values map to the SP_PROT flags defined in schannel.h, documented
online as part of the SCHANNEL_CRED structure under grbitEnabledProtocols.
http://msdn.microsoft.com/en-gb/library/windows/desktop/aa379810.aspx
SP_PROT_TLS1_SERVER      0x00000040
SP_PROT_TLS1_CLIENT      0x00000080
SP_PROT_TLS1_1_SERVER    0x00000100
SP_PROT_TLS1_1_CLIENT    0x00000200
SP_PROT_TLS1_2_SERVER    0x00000400
SP_PROT_TLS1_2_CLIENT    0x00000800
For standards-compliant TLS implementations, you just need an intersection
of protocol support between client and server.
I am definitely curious if anybody encounters a buggy SSL/TLS library in
use in the wild that rejects a TLS 1.1 or 1.2 Client Hello...
Nick
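
Added example (not part of the original message, and not Microsoft or FreeRADIUS code): a small Python helper that decodes and composes TlsVersions DWORD values from the six SP_PROT flags listed above, and computes the client/server intersection the message refers to. The function names and sample values are assumptions made for illustration.

```python
# Added illustration. Flag values are the six SP_PROT_* constants quoted in
# the message; function names and sample DWORDs are constructed here.
SP_PROT = {
    0x00000040: ("TLS 1.0", "server"),
    0x00000080: ("TLS 1.0", "client"),
    0x00000100: ("TLS 1.1", "server"),
    0x00000200: ("TLS 1.1", "client"),
    0x00000400: ("TLS 1.2", "server"),
    0x00000800: ("TLS 1.2", "client"),
}
KNOWN_MASK = sum(SP_PROT)  # all six flags OR-ed together


def decode(dword):
    """Split a TlsVersions DWORD into per-role version lists.

    Bits outside the six flags above are returned under "unknown" so a
    mistyped or unexpected value is visible instead of silently ignored.
    """
    roles = {"client": [], "server": []}
    for bit, (version, role) in sorted(SP_PROT.items()):
        if dword & bit:
            roles[role].append(version)
    roles["unknown"] = dword & ~KNOWN_MASK & 0xFFFFFFFF
    return roles


def compose(client=(), server=()):
    """Build a DWORD that enables the named versions for each role."""
    lookup = {(v, r): bit for bit, (v, r) in SP_PROT.items()}
    value = 0
    for role, versions in (("client", client), ("server", server)):
        for version in versions:
            value |= lookup[(version, role)]  # KeyError on an unknown name
    return value


def negotiable(client_dword, server_dword):
    """Versions enabled as client on one host and as server on the other."""
    client_side = set(decode(client_dword)["client"])
    server_side = set(decode(server_dword)["server"])
    return sorted(client_side & server_side)


if __name__ == "__main__":
    value = compose(client=["TLS 1.1", "TLS 1.2"],
                    server=["TLS 1.0", "TLS 1.1", "TLS 1.2"])
    print(f"0x{value:08X}", decode(value))
```

An empty list from negotiable() means the two configurations share no protocol version, so a handshake between them cannot succeed.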
More information about the Freeradius-Users
mailing list