Not a suggestion on your entryption issue, but have you checked to see if there are firmware updates available for your old switches? The original HP (now HPE) was pretty good about providing firmware for those old switches (back in the day when they made them from real metal ;) On Mon, 24 Nov 2025, Nicolas Godbert via Freeradius-Users wrote:
Hello,
I try to recycle some old HPE switches as radius client using EAP-TLS based protocols for test only. They are using old deprecated ciphers, so i rebuild openssl for legacy suites on a raspbian (I know, it's bad idea and not secure).
# openssl ciphers -v ALL | grep RC4 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
So, when the server freeradius and the switch try to negociate, i can see in the logs that the cipher RC4-MD5 is now common for the two devices.
[snip...]
Do you have some hints to help debug further please ? Thank you in advance.
Best regards,
-- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{