[EXT] TLS 1.3

Matthew Newton mcn at freeradius.org
Wed Jun 9 21:23:15 CEST 2021



On 04/06/2021 10:40, HERCEK, Marián wrote:
> I had to downgrade to 3.0.21 where old devices work.
> 
> I've tried config from 3.0.21 with 3.0.22 binary - didn't work.
> I've tried config shipped with 3.0.22 binary - didn't work.
> I've tried numerous config changes suggested on internet and here - didn't work.
> 
> I've tried 3.0.21 binary with backuped 3.0.21 config - it works.

I've tested this.

In raddb/mods-enabled/eap "tls-config tls-common" section, set:

   tls_min_version = 1.0
   tls_max_version = 1.2
   cipher_list = "DEFAULT at SECLEVEL=1"

Then it works.

-- 
Matthew


More information about the Freeradius-Users mailing list