Poodle and EAP?

Nick Lowe nick.lowe at gmail.com
Mon Oct 20 17:31:34 CEST 2014


TlsVersion, not TlsVersions!

On Mon, Oct 20, 2014 at 4:28 PM, Nick Lowe <nick.lowe at gmail.com> wrote:

> For anybody interested, the configuration of the TlsVersions DWORD in the
> registry is more granular than the KB article lets on, as you actually get
> control of both the client and server version behaviour; it is not lumped
> together.
>
> The values map to the SP_PROT flags defined in schannel.h, documented
> online as part of the SCHANNEL_CRED structure under grbitEnabledProtocols.
>
> http://msdn.microsoft.com/en-gb/library/windows/desktop/aa379810.aspx
>
> SP_PROT_TLS1_SERVER
> 0x00000040
>
> SP_PROT_TLS1_CLIENT
> 0x00000080
>
> SP_PROT_TLS1_1_SERVER
> 0x00000100
>
> SP_PROT_TLS1_1_CLIENT
> 0x00000200
>
> SP_PROT_TLS1_2_SERVER
> 0x00000400
>
> SP_PROT_TLS1_2_CLIENT
> 0x00000800
>
> For standards-compliant TLS implementations, you just need an intersection
> of protocol support between client and server.
>
> I am definitely curious if anybody encounters a buggy SSL/TLS library in
> use in the wild that rejects a TLS 1.1 or 1.2 Client Hello...
>
> Nick
>
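An added example, not part of the original post: decoding such a DWORD into its client-role and server-role protocol sets and applying the intersection rule the post states. The SP_PROT values are the six quoted above; the function names and the sample DWORDs are constructed for illustration.

```python
# SP_PROT_* flag values as quoted in the post: (SERVER bit, CLIENT bit).
SP_PROT = {
    "TLS 1.0": (0x00000040, 0x00000080),
    "TLS 1.1": (0x00000100, 0x00000200),
    "TLS 1.2": (0x00000400, 0x00000800),
}
ORDER = ["TLS 1.0", "TLS 1.1", "TLS 1.2"]  # lowest to highest
KNOWN_MASK = sum(s | c for s, c in SP_PROT.values())  # 0xFC0


def decode(dword):
    """Split a DWORD into server-role and client-role version lists."""
    return {
        "server": [v for v in ORDER if dword & SP_PROT[v][0]],
        "client": [v for v in ORDER if dword & SP_PROT[v][1]],
        # Bits outside the six flags listed in the post are reported, not guessed at.
        "unknown_bits": dword & ~KNOWN_MASK & 0xFFFFFFFF,
    }


def encode(server=(), client=()):
    """Build a DWORD from the versions to enable for each role."""
    value = 0
    for v in server:
        value |= SP_PROT[v][0]
    for v in client:
        value |= SP_PROT[v][1]
    return value


def common_version(client_dword, server_dword):
    """Highest version in both the client's CLIENT set and the server's
    SERVER set, or None when the sets do not intersect (handshake fails).
    Assumption: both ends negotiate in a standards-compliant way."""
    offered = decode(client_dword)["client"]
    accepted = decode(server_dword)["server"]
    both = [v for v in ORDER if v in offered and v in accepted]
    return both[-1] if both else None


if __name__ == "__main__":
    supplicant = encode(client=ORDER)                 # constructed: 0xA80
    radius = encode(server=["TLS 1.1", "TLS 1.2"])    # constructed: 0x500
    print(hex(supplicant), decode(supplicant))
    print(hex(radius), decode(radius))
    print("negotiated:", common_version(supplicant, radius))
    # A TLS 1.0-only server against a client limited to 1.1/1.2: no overlap.
    print("negotiated:", common_version(0xA00, 0x040))
```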