iOS mysterious issues on Freeradius 3.0.14
John Tobin
jtobin at po-box.esu.edu
Fri Mar 24 01:00:14 CET 2017
Sorry, still lost:
In the tls-config tls-common
I see a flag set for:
# disable_tlsv1_2 = no [that is commented out]…
And a
# check_cert_issuer =
And a
# check_cert_cn =
The tls config per se:
tls {
Just points back to the tls-config tls-common I believe…
If you want to take this discussion offline because it is somewhat
security sensitive, I am jtobin at po-box.esu.edu.
Sincerely,
tob
On 3/23/17, 15:38, "Freeradius-Users on behalf of Alan DeKok"
<freeradius-users-bounces+jtobin=po-box.esu.edu at lists.freeradius.org on
behalf of aland at deployingradius.com> wrote:
>
>> On Mar 23, 2017, at 2:34 PM, John Tobin <jtobin at po-box.esu.edu> wrote:
>>
>> Where is the tls 1.2 negotiation documented, I am somewhat of a newbie, I
>> did search google for tls disable free radiusd, etc. didn't see anything
>> like a disable switch/ or option, but then I may not have been looking in
>> the right place.
>
> Google is generally worse than reading the server's documentation, or
> the config files.
>
> For EAP-TLS methods... edit the EAP module configuration. i.e.
> raddb/mods-available/eap. Look for "tls".
>
>> Give me a word on the tls situation. I do get it, if you don't include the
>> client cert, then the TLS [with the server cert installed] checks to make
>> sure you have the correct server, and the client authentication is by
>> userid / Password. But that is kind of a miss of true TLS which would need
>> both the server and the client cert supported.
>
> You can use EAP-TLS, too. You don't need passwords.
>
> Alan DeKok.