Hi,
I have been working with FreeRadius and reading these threads for sometime now trying to figure out how to properly configure and implement EAP-TLS using ECDHE-ECDSA ciphers.
So far, I have been unsuccessful with the TLS handshake properly accepting. I realize that FreeRadius does not work with encryption, but rather passes it off to OpenSSL to do it's "thing."
I am writing because perhaps there is a FreeRadius setting/ concept that I have been foolishly neglecting.
The client (wpa_Supplicant) sends FreeRadius a Client Hello over TLS 1.0 (could perhaps cause problems with ECC?) and then FreeRadius Rejects it because of and "SSL3_CLIENT_HELLO: no shared cipher." However, I have confirmed that the latest version of openssl supports my cipher.
Does the EAP.conf/ FR have anything to do with Elliptic Curve's and their shared cipher besides putting in "ALL" for the cipher and "secptxxx" for the curve?
I have also confirmed through OpenSSL's s_client/ s_server program that my certificates are set up properly and ONLY succeed with TLS1_2 and not TLS1.0 or TLS1.1.
Thank you for any assistance! I have been scratching my head with this for quite sometime.
v/r
Max