On Oct 16, 2015, at 9:34 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Oct 16, 2015, at 9:29 AM, Sebastian Hagedorn <Hagedorn@uni-koeln.de> wrote:
I hope this isn't a dumb question ... I (successfully) tried eapol_test on a RHEL 6 system with OpenSSL openssl-1.0.1e-42.el6.x86_64 and FreeRadius 3.0.10 and was surprised that I didn't see TLSv1... at all.
OpenSSL is pretty stingy in the information it gives to the application. FreeRADIUS also doesn't print out everything it can.
Yeah in this case those strings are coming from OpenSSL *sigh*. Even 'SSL negotiation finished successfully' comes from OpenSSL. I've made it a bit better: Fri Oct 16 12:41:21 2015 : Debug: (124) eap_peap: >>> send handshake [length 16], finished Fri Oct 16 12:41:21 2015 : Debug: (124) eap_peap: TLS Accept: SSLv3 write finished A Fri Oct 16 12:41:21 2015 : Debug: (124) eap_peap: TLS Accept: SSLv3 flush data Fri Oct 16 12:41:21 2015 : Debug: (124) eap_peap: SSL negotiation finished successfully Fri Oct 16 12:41:21 2015 : Debug: (124) eap_peap: TLS established with cipher suite: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD Fri Oct 16 12:41:21 2015 : Debug: (124) eap_peap: [eaptls process] = handled Fri Oct 16 12:41:21 2015 : Debug: (124) eap: Sending EAP Request (code 1) ID 6 length 57 At least now you can check the protocol version in the cipher to be sure. Again OpenSSL provides the string, which is why there's the random whitespace :( -Arran