Hi,

I have been working with FreeRadius and reading these threads for sometime now trying to figure out how to properly configure and implement EAP-TLS using ECDHE-ECDSA ciphers.  

So far, I have been unsuccessful with the TLS handshake properly accepting.  I realize that FreeRadius does not work with encryption, but rather passes it off to OpenSSL to do it's "thing."  

I am writing because perhaps there is a FreeRadius setting/ concept that I have been foolishly neglecting.

The client (wpa_Supplicant) sends FreeRadius a Client Hello over TLS 1.0  (could perhaps cause problems with ECC?) and then FreeRadius Rejects it because of and "SSL3_CLIENT_HELLO: no shared cipher."  However, I have confirmed that the latest version of openssl supports my cipher.  

Does the EAP.conf/ FR have anything to do with Elliptic Curve's and their shared cipher besides putting in "ALL" for the cipher and "secptxxx" for the curve?

I have also confirmed through OpenSSL's   s_client/ s_server   program that my certificates are set up properly and ONLY succeed with TLS1_2 and not TLS1.0 or TLS1.1.


Thank you for any assistance!  I have been scratching my head with this for quite sometime.

v/r

Max