Using FreeRADIUS 2.1.12 (from debian package) and OpenSSL 1.0.1f, I've been able to successfully configure EAP-TLS with a number of ECDHE (ephemeral) cipher suites. However, my attempts to utilize ECDH (non-ephemeral) cipher suites fail with and error of "SSL3_GET_CLIENT_HELLO:no shared cipher." I've seen that same error occur both when I was attempting to employ a cipher suite not supported by FreeRADIUS (versions prior to 2.1.12 did not support any ECDHE cipher suites) and when I had a screwy configuration (e.g., attempts to use DSA cipher suites without first giving the server a DSA key). So I'm unclear on where the problem might lie. I've confirmed that the client/supplicant I'm testing with supports the ECDH cipher suite (tcpdump and wireshark shows the Client Hello message includes the cipher), and querying debian's OpenSSL ("openssl ciphers -v aECDH") confirmed it supports the cipher The only documentation I could find on this topic was the line 'ecdh_curve = "prime256v1"' in eap.conf. Any pointers or confirmation as to whether or not FreeRADIUS (any version) supports plain ECDH cipher suites would be greatly appreciated. Thanks Ed