On Oct 15, 2015, at 2:31 PM, Paolo Barbato <paolo.barbato@igi.cnr.it> wrote:
On 15 ott 2015, at 19:58, Alan DeKok <aland@deployingradius.com> wrote:
On Oct 15, 2015, at 1:28 PM, Tod A. Sandman <sandmant@rice.edu> wrote:
Android users here who have upgraded to Marshmallow can no longer connect, even after I upgraded from freeradius-2.2.8 to freeradius-2.2.9. My server is RHEL6.4 with "OpenSSL 1.0.1e-fips 11 Feb 2013". We are using PEAP/EAP-MSCHAPv2.
You should update your eap.conf to disable tls 1.2:
eap { ... tls { ... disable_tlsv1_2= yes ... } }
That will likely help.
This feature was added for situations like this. :( And not documented because we hoped it was never needed.
Well done anyway ! They say "Better safe than sorry”.
Alan is this undocumented rule available also in FR 3.x ?
Yes, and v3.1.x too. -Arran