On Apr 16, 2021, at 8:50 AM, De Sylvain <starzzzzzz23@gmail.com> wrote:
Accros few link(show below) I understood that TLS 1.3 was not correctly supported on freeradius.
No. The previous messages I posted about this are very clear. THERE IS NO STANDARD FOR USING TLS 1.3 WITH EAP. THE STANDARD DOES NOT EXIST. THEREFORE NO ONE SHOULD USE TLS 1.3 WITH EAP. It is wrong to say the "TLS 1.3 is not correctly supported on FreeRADIUS". It is correct to say that EAP-TLS does not support TLS 1.3.
I have the same issue like this post #3665 <https://github.com/FreeRADIUS/freeradius-server/issues/3665> However my window client is correctly configured and it do no use tls version 1.3.
No. It's still doing TLS 1.3. FreeRADIUS isn't lying to you. http://lists.freeradius.org/pipermail/freeradius-users/2020-November/099104.... This has all been discussed before on the mailing list, and on GitHub where it looks like you posted this same question. The answer hasn't changed. Configure "cipher_list" as noted there, and by Jochem. Or, use the v3.0.x branch from GitHub. Alan DeKok.