31 May
2021
31 May
'21
7:38 a.m.
On May 31, 2021, at 6:15 AM, HERCEK, Marián <marian.hercek@ucm.sk> wrote:
after upgrading to 3.0.22 I can see many authentication problems with old devices (e.g. Android 4.4)
Those devices don't support TLS 1.3. They might *ask for* TLS 1.3, but they won't *implement* it properly.
Using EAP + MSCHAPv2.
If you read the debug output, you'll see that PEAP doesn't support 1.3, either. This is because (for now), we only support TLS 1.3 for EAP-TLS. The reasons why are complex.
I configured tls_min_version to 1.0 and tls_max_version to 1.3.
Use tls_max_version = "1.3" Alan DeKok.