There's now support for OpenSSL 1.1.0-pre4 support in v3.1.x. This was actually a fair amount of work. OpenSSL has switched to private structs, meaning we have to allocate things like HMAC_CTX on the heap now instead of using the stack. It also means we no longer have direct access to fields within SSL session contexts and have to use OpenSSL accessor functions in many places. Alan D completed the first part of the work a few months ago, and I finished off the changes yesterday. Our basic EAP test suite passes, but it would be useful if those who rely heavily on TLS could test this out in their lab environment. For large deployments of EAP-TLS/EAP-TTLS/EAP-PEAP there may be a noticeable performance improvement, as OpenSSL has (finally) removed their global object/type-specific mutexes. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2