Ready for 2.2.7?
nick.lowe at gmail.com
Tue Mar 31 12:33:16 CEST 2015
Isn't it about time to, by default, include TLS extensions in the Client
Hello and have an option to switch it off for any broken servers?
Incidentally, just looking at the code in wpa_supplicant, only when OpenSSL
is used is TLS 1.2 used/supported. It's hard coded for TLS 1.0 with all the
other SSL/TLS implementations.
> If only the deployed authentication servers were to support TLS
> extensions.. Clients have to disable session tickets due to so many
> broken RADIUS servers out there with TLS implementation rejecting any
> attempt to connect with such an extension included.
More information about the Freeradius-Users