20 Oct
2014
20 Oct
'14
8 a.m.
On 20/10/14 07:31, Stefan Winter wrote:
Hi,
catching up after being out of office when "Poodle" arrived.
I'm wondering if FreeRADIUS is strictly enforcing TLS 1.0+ when negotiating a PEAP/TTLS tunnel. And if not, how to make it so :-)
Alan has pointed out that SSLv3 is disabled, but in any event exploiting POODLE requires forcing the client to make variable content SSLv3 requests. It's tricky to see how that could be achieved with EAP clients. But SSLv3 is crap anyway so it's good it's disabled.