On Nov 8, 2024, at 3:52 AM, Stephan P. <ShoootLight@outlook.de> wrote:
Does FreeRADIUS server support EAP-TLS 1.3 (as described in RFC9190)?
Yes.
And if yes, beginning with which version of FreeRADIUS?
The ChangeLog for 3.0 shows that it was 3.0.23. But there are caveats, as the standard wasn't done.
I looked in the changelogs, TLS 1.3 support is mentioned for EAP-TTLS and EAP-PEAP (but not for EAP-TLS) (-> version 3.0.26 (2022.09.20) and version 3.2.2 (2023.02.16)). I haven't found anything explicit about it in the documents, only the "TLS 1.3 Configuration" mailing list thread from Boby Tharappel implicating feature support.
TTLS and PEAP are really "EAP-TLS with more data in the inner TLS tunnel". So they only support TLS 1.3 because the base EAP-TLS code supports TLS 1.3. To put it another way, EAP-TLS, TTLS, and PEAP all share a common "tls { ... }" configuration. So they all support the same TLS versions, the same TLS functionality, etc. Alan DeKok.