Where is the tls 1.2 negotiation documented, I am somewhat of a newbie, I did search google for tls disable free radiusd, etc. didn¹t see anything like a disable switch/ or option, but then I may not have been looking in the right place. The only note that makes sense is one that says you simply don¹t install the client cert. The problem I am facing maybe using the Dot1xprofiler. It doesn¹t have all the options I need to put in 1. Certificate[s], and a WPA password, and an userid/passwprd pair. I may have a work around for that -> I build the Dot1xprofile, then use the command line profile command to print out the plist of the profile [profiles -L -o [pathAndFileName] -> run man on the profiles command look at the examples] then edit the profile to include wpa2 EncrptionType, and fill in a password, then use the profiles command again to recreate [install] the profile with you updates. Well some thing like that. Give me a word on the tls situation. I do get it, if you don¹t include the client cert, then the TLS [with the server cert installed] checks to make sure you have the correct server, and the client authentication is by userid / Password. But that is kind of a miss of true TLS which would need both the server and the client cert supported. tob On 3/22/17, 18:16, "Freeradius-Users on behalf of A.L.M.Buxey@lboro.ac.uk" <freeradius-users-bounces+jtobin=po-box.esu.edu@lists.freeradius.org on behalf of A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
The log snip below, shows test on os x Sierra, Windows 7 works, I have not had the time to test win 10. So free Radiusd works, this is just an apple os x problem, server cert is self signed, dot1xprofiler is my profile app, and has both the signed cert [server.pem] and client cert [client.p12] generated by the make in /etc/raddb/certs.
well, client issue....TLS issue... I would suggest looking at my previous response and trying that config option out.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html