On Oct 19, 2018, at 9:59 AM, Doug Wussler <doug.wussler@fsu.edu> wrote:
Just FYI, I upgraded to 3.0.17 and compiled with OpenSSL 1.1.1. Debug info still reports UNKNOWN TLS VERSION:
FreeRADIUS Version 3.0.17 Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
(1) eap_peap: TLS_accept: before SSL initialization (1) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 0092] (1) eap_peap: TLS_accept: SSLv3/TLS read client hello
Ah yes, that was a typo. It's been fixed in the v3.0.x branch.
I should also mention that when using OpenSSL 1.1.1 the executable will not launch without this setting in radiusd.conf:
allow_vulnerable_openssl = CVE-2016-6304
which should not be necessary with 1.1.1.
That was another typo. It's already been fixed in the v3.0.x branch.
Also, if interested, when attempting to compile with config setting "--without-dhcp" the compilation fails with:
CC src/main/radattr.c build/objs/src/main/radattr.o: In function `process_file': /downloads/freeradius-server-3.0.17/src/main/radattr.c:842: undefined reference to `fr_dhcp_decode_options' /downloads/freeradius-server-3.0.17/src/main/radattr.c:813: undefined reference to `fr_dhcp_encode_option' collect2: error: ld returned 1 exit status make: *** [build/bin/local/radattr] Error 1
I've pushed a fix.
This information is not intended as a complaint. I love the freeradius application and am very appreciative of all the work that goes into it. The efforts and responsiveness of both the development team and the community are extremely robust and helpful.
Simple bug reports are *much* better than "I did stuff and it didn't work. What's wrong?" Alan DeKok.