On Fri, Jun 17, 2016 at 1:26 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Jun 17, 2016, at 4:23 PM, Michael Martinez <mwtzzz@gmail.com> wrote:
We really need to get this working. We're stumped on it. Anybody have any thoughts?
Set disable_tlsv1_2 in the EAP module.
Maybe slightly off-topic, but how do I find which ssl library my freeradius server is compiled with? I do: root@2-rpi:/usr/local/freeradius/etc/raddb# ldd /usr/local/freeradius/sbin/radiusd /usr/lib/arm-linux-gnueabihf/libcofi_rpi.so (0xb6f7e000) libfreeradius-server.so => /usr/local/freeradius/lib/libfreeradius-server.so (0xb6f4e000) .....<snip> But nothing about ssl libraries shows up there. I do: strings /usr/local/freeradius/sbin/radiusd | grep -iE "openssl.*1" and I see a lot of references to openssl 1.0.2.f: Diffie-Hellman part of OpenSSL 1.0.2f 28 Jan 2016 so, pretty clear it's compiled against 1.0.2.f. But out of curiosity is there a way to definitely find out? And, it seems "disable_tlsv1_2" was added as a way to get around some problems with older versions of openssl. But will it actually help in my case?