18 Nov
2014
18 Nov
'14
12:21 p.m.
On 18/11/14 17:10, Nick Lowe wrote:
Phil,
I agree with you to the extent that simply modifying the default configuration file to define a cipher_list would be a rather poor idea as it would stick around as best practices change.
I think the right approach is to change the behaviour of FreeRADIUS so that it sets a sane cipher suites configuration where cipher_list isn't defined in eap.conf.
That's even *worse* - you want to embed it in the source code! If you have to do either, embedding it in the default config files is least evil IMO.