Hi, I found a new man-in-the-middle attack with SSL. http://www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html
I am afraid if freeRADIUS use SSL renegotiation? The freeRADIUS version is 1.1.6. We use EAP-TLS and the backend OpenLDAP server with TLS connection. Does freeRADIUS use SSL renegotiation ?
Thanks. John |