Cholleti, Hanumantha wrote:
Wondering if FreeRadius supports EAP TLS 1.2 authentication; our understanding is, if we have the OpenSSL version that supports the TLS 1.2 ciphers and FreeRadius EAP module is configured with the TLS 1.2 cipher, it should support.
FreeRADIUS uses OpenSSL for TLS. So any TLS version requirements are requirements on OpenSSL.
Sorry if we missed any additional documentation, for EAP TLS 1.2 authentication, we updated our eap configuration cipher: cipher_list = "AES256-SHA256"
You should have more ciphers than that. Why break the default configuration?
(3) ERROR: eap_tls : SSL says: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
That's pretty definitive. You need to configure a shared cipher.
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Note that those are *not* the cipher you configured above. They have to be *identical*, so far is I know. Why not use use the default cipher list? Have you even tried? It should work. Alan DeKok.