EAP-TLS and elliptic curves (OPEN)

Alan DeKok aland at deployingradius.com
Wed Apr 14 13:18:35 CEST 2021


On Apr 14, 2021, at 5:08 AM, Weisteen Per <per.weisteen at telenor.no> wrote:
> Setting ecdh_curve parameter to an empty string didn't work. 
> Server fails with "no shared cipher" after it receives TLS client hello. 

  I've looked into this a bit more, and updated the FreeRADIUS side to use some of the newer OpenSSL APIs.  That should help.

  The downside is that you'll have to grab the v3.0.x branch from GitHub.  The positive part of that, though, is the TLS messages are significantly clearer.

> I'm using
> OpenSSL 1.0.2k-fips
> FreeRADIUS Version 3.0.13

  Hmm... I'd really suggest upgrading to something more recent.

  Alan DeKok.



