Hello, 1) it's very unlikely Android 4.4 supports TLS 1.3 2) recv TLS 1.3 Handshake, ClientHello - does it belong to client (Android 4.4) or NAS (e.g. WiFi AP)? 3) you mean I have to configure just tls_max_version and not tls_min_version? Thanks. MH -----Pôvodná správa----- Od: Freeradius-Users <freeradius-users-bounces+marian.hercek=ucm.sk@lists.freeradius.org> V mene používateľa Alan DeKok Odoslané: pondelok 31. mája 2021 13:39 Komu: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Predmet: [EXT] Re: TLS 1.3 On May 31, 2021, at 6:15 AM, HERCEK, Marián <marian.hercek@ucm.sk> wrote:
after upgrading to 3.0.22 I can see many authentication problems with old devices (e.g. Android 4.4)
Those devices don't support TLS 1.3. They might *ask for* TLS 1.3, but they won't *implement* it properly.
Using EAP + MSCHAPv2.
If you read the debug output, you'll see that PEAP doesn't support 1.3, either. This is because (for now), we only support TLS 1.3 for EAP-TLS. The reasons why are complex.
I configured tls_min_version to “1.0” and tls_max_version to “1.3”.
Use tls_max_version = "1.3" Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html