2015-05-26 4:46 GMT+02:00 Scott A. Johnson <scott.a.johnson@gmail.com>:
Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/Library/Server/radius/raddb/certs" pem_file_type = yes private_key_file = "server.key" certificate_file = "server.crt" CA_file = "server.crt" private_key_password = “REDACTED” dh_file = "/Library/Server/radius/raddb/certs/dh" random_file = "/Library/Server/radius/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/Library/Server/radius/raddb/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { tmpdir = "/tmp/radiusd" client = "/usr/bin/openssl verify -CApath /Library/Server/radius/raddb/certs %{TLS-Client-Cert-Filename}" } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } }
Alan, I was looking for the documentation about the configuration options for tls-common but it's neither on freeradius.org nor networkradius.com. I found the site where it should be (http://networkradius.com/doc/3.0.8/raddb/tls/tls-config_tls-common.html) but it's 404. I tried 3.0.8, 3.0.7 and current. I'm just wondering where Scott got all these options from :)