On 18 Jun 2016, at 14:00, Michael Martinez <mwtzzz@gmail.com> wrote:
On Fri, Jun 17, 2016 at 1:26 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Jun 17, 2016, at 4:23 PM, Michael Martinez <mwtzzz@gmail.com> wrote:
We really need to get this working. We're stumped on it. Anybody have any thoughts?
Set disable_tlsv1_2 in the EAP module.
Maybe slightly off-topic, but how do I find which ssl library my freeradius server is compiled with? I do: root@2-rpi:/usr/local/freeradius/etc/raddb# ldd /usr/local/freeradius/sbin/radiusd /usr/lib/arm-linux-gnueabihf/libcofi_rpi.so (0xb6f7e000) libfreeradius-server.so => /usr/local/freeradius/lib/libfreeradius-server.so (0xb6f4e000) .....<snip>
But nothing about ssl libraries shows up there.
I do: strings /usr/local/freeradius/sbin/radiusd | grep -iE "openssl.*1" and I see a lot of references to openssl 1.0.2.f: Diffie-Hellman part of OpenSSL 1.0.2f 28 Jan 2016
so, pretty clear it's compiled against 1.0.2.f. But out of curiosity is there a way to definitely find out?
/usr/local/freeradius/sbin/radiusd -v Is more accurate than using ldd. It calls a version function in OpenSSL to get the version, it doesn't use compile time macros.
And, it seems "disable_tlsv1_2" was added as a way to get around some problems with older versions of openssl. But will it actually help in my case?
Probably not. But just in case the apple supplicant is broken its worth trying. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2