Reduce TLS Handshake Certificate Request Types and Hash Algorithms?

Alan DeKok aland at deployingradius.com
Thu Jun 10 20:59:52 CEST 2021


On Jun 10, 2021, at 2:57 PM, James Ko <jim.list at hotmail.com> wrote:
> 
> In a TLS handshake the Server Certificate Request contains 3 types RSA Sign, DSS Sign, and ECDSA Sign along with 20 Signature Hash Algorithms.
> 
> Is it possible to configure freeradius to allow only ECDSA and one Hash Algorithm, or is this dictated by openssl/libopenssl reporting supported types.

  See "cipher_list" in mods-enabled/eap.  The string contents are passed directly to OpenSSL.  See the OpenSSL documentation for what names to use, and how to format them.

  Alan DeKok.




More information about the Freeradius-Users mailing list