18 Nov
2014
18 Nov
'14
11:22 a.m.
Nick Lowe wrote:
Alan and Arran,
Please may I suggest that you consider changing the default cipher suites configuration in FreeRADIUS 2.x and 3.x to use Mozilla's intermediate compatibility (default) set to encourage the use of better cipher suites that use ECDHE, GCM and PFS?
Except that also disables the PSK cipher suites, which we absolutely require. And we want to disable all SSLv3 cipher suites, because EAP uses TLSv1 or later. I am VERY wary of changing the list of cipher suites. I'd be happier with forbidding certain ones. Alan DeKok.