[EXT] Re: TLS 1.3
HERCEK, Marián
marian.hercek at ucm.sk
Mon May 31 13:54:57 CEST 2021
Hello,
1) it's very unlikely Android 4.4 supports TLS 1.3
2) recv TLS 1.3 Handshake, ClientHello - does it belong to client (Android 4.4) or NAS (e.g. WiFi AP)?
3) you mean I have to configure just tls_max_version and not tls_min_version?
Thanks.
MH
-----Pôvodná správa-----
Od: Freeradius-Users <freeradius-users-bounces+marian.hercek=ucm.sk at lists.freeradius.org> V mene používateľa Alan DeKok
Odoslané: pondelok 31. mája 2021 13:39
Komu: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Predmet: [EXT] Re: TLS 1.3
On May 31, 2021, at 6:15 AM, HERCEK, Marián <marian.hercek at ucm.sk> wrote:
> after upgrading to 3.0.22 I can see many authentication problems with
> old devices (e.g. Android 4.4)
Those devices don't support TLS 1.3. They might *ask for* TLS 1.3, but they won't *implement* it properly.
> Using EAP + MSCHAPv2.
If you read the debug output, you'll see that PEAP doesn't support 1.3, either.
This is because (for now), we only support TLS 1.3 for EAP-TLS. The reasons why are complex.
> I configured tls_min_version to “1.0” and tls_max_version to “1.3”.
Use
tls_max_version = "1.3"
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6860 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20210531/fa6eff4a/attachment-0001.bin>
More information about the Freeradius-Users
mailing list