Thanks a lot! I'll do that. Regards, Lars On 01/09/2017 21:12, Sven Hartge wrote:
On 01.09.2017 20:48, Lars Veldscholte wrote:
That's right, I'm on testing.
So that's it then... So I was reading the debug log exactly the wrong way around (client wants to talk in TLSv1.0 but server doesn't support that)?
Any way to enable that again, or do I have to find another solution? The "solution" proposed by Kurt Roeckx, the DD maintaining OpenSSL in Debian, is to change every program to use the new APIs in OpenSSL 1.1+ to specify the minimum TLS version supported.
Or to convince every user to upgrade to a OS supporting TLS1.2.
My solution was to recompile the openssl package and reverting those changes back to the former default.
This is not complicated, just "apt-get source openssl" and then comment "tls1_2_default.patch" in SRCDIR/debian/patches/series.
Rebuild, install, "apt-mark hold libssl1.1 openssl" and your are done.
You need to repeat this procedure every update to the package, of course.
Grüße, Sven.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html