Hi all, My question concerns the option in eap.conf that you can specify TLS ciphersuite(s) that the Server chooses for his ServerHello handshake message. But apparently I cant use all ciphersuites, for example the following one (found with 'man ciphers') TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA I insert the line cipher_list = 'EDH-RSA-DES-CBC3-SHA' but freeradius (v.1.1.6) complains rlm_eap_tls: <<< TLS 1.0 Handshake [length 0060], ClientHello rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal handshake_failure TLS Alert write:fatal:handshake failure TLS_accept:error in SSLv3 read client hello C rlm_eap: SSL error error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Note that the ClientHello of wpa_supplicant contains this ciphersuite, see this snip from ethereal trace: Cipher Suites (26 suites) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) ---> Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) What ciphersuites does Freeradius support? Why doesnt ciphersuite 0x0016 work? (I also tried 0x0039, DHE-RSA-AES256-SHA, it also produces the same error) I hope you can help me Thanks in advance Thomas Otto