14 Apr
2021
14 Apr
'21
7:18 a.m.
On Apr 14, 2021, at 5:08 AM, Weisteen Per <per.weisteen@telenor.no> wrote:
Setting ecdh_curve parameter to an empty string didn't work. Server fails with "no shared cipher" after it receives TLS client hello.
I've looked into this a bit more, and updated the FreeRADIUS side to use some of the newer OpenSSL APIs. That should help. The downside is that you'll have to grab the v3.0.x branch from GitHub. The positive part of that, tho, is the TLS messages are significantly clearer.
I'm using OpenSSL 1.0.2k-fips FreeRADIUS Version 3.0.13
Hmm... I'd really suggest upgrading to something more recent. Alan DeKok.