On Nov 24, 2020, at 7:57 AM, Jochem Sparla <J.Sparla@iolan.com> wrote:
After finding this link: https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-se... I managed to set the SSL security level for OpenSSL 1.1.1f on Ububtu 20.04 to 1, as described in the link.
Now FreeRADIUS 3.0.20 on Ubuntu 20.04 behavior is more like FreeRADIUS 3.0.16 on Ubuntu 18.04: (2) eap_peap: TLS_accept: before SSL initialization (2) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 0062] (2) eap_peap: TLS_accept: SSLv3/TLS read client hello (2) eap_peap: >>> send TLS 1.0 Handshake [length 003d], ServerHello
It still (thinks it) receives TLS 1.3 from the Windows 7 client, but the 'unknown TLS version' does not cause a fatal error and the process finishes normal.
Are there any (known) issues between FreeRADIUS and/or OpenSSL (or setting parameters between them) on Ubuntu 20.04?
The tls_max_version = "1.2" and tls_min_version = "1.0" in FreeRADIUS eap config are set, but that does not seem to be enough.
I'd blame OpenSSL. :( FreeRADIUS passes that setting to OpenSSL, which may or may not pay attention. Alan DeKok.