11 Dec
2015
11 Dec
'15
9:17 a.m.
Anyone using these versions of OpenSSL should either upgrade them, or set "disable_tlsv1_2" in the EAP TLS module configuration. To make a long story short, these versions of OpenSSL calculate the WiFi encryption keys incorrectly for TLS 1.2. I've pushed a fix to v3.0 which disables TLS 1.2 when the server is built against those versions of OpenSSL. The solution is to upgrade to a version of OpenSSL which works, upgrade FreeRADIUS, or to use "disable_tlsv1_2" on existing systems. Alan DeKok.