7 Nov
2024
7 Nov
'24
1:46 p.m.
Alan Dekok wrote:
Don't enable FIPS mode. The RADIUS protocol uses MD5. MS-CHAP uses MD4.
Thank you for your advice. I was misled by an out-of-date reference. According to the following link, FreeRADIUS can be used with FIPS mode: https://networkradius.com/articles/2020/10/28/freeradius-fips.html Specifically:
FreeRADIUS just passes a special flag EVP_MD_CTX_FLAG_NON_FIPS_ALLOW to the OpenSSL APIs!
Unfortunately, that flag has no effect in openssl version 3. Perhaps the above documentation could be updated.