We are looking into how to change TLS behavior on radiusd. This is for testing purpose, so I want to intentionally only allow TLS 1.0. Currently running: FreeRADIUS Version 3.0.12. Is there a way to make this version only accept TLS 1.0, right now we are using older 2.x version to test this. -David
Thanks. I think that is a common confusion; the ciphers classified as TLS1.x is different than the protocol TLS. I need to make sure we only negotiate to version TLS 1.0 in the hello message. -David SSL Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 91 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 87 Version: TLS 1.2 (0x0303) From: Alan Buxey [mailto:A.L.M.Buxey@lboro.ac.uk] Sent: Thursday, November 17, 2016 4:43 PM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>; David Ward <daward@Brocade.COM>; freeradius-users@lists.freeradius.org Subject: Re: No TLS 1.2 Modify the CIPHER list in the eap config file? alan
On Nov 17, 2016, at 5:08 PM, David Ward <daward@Brocade.COM> wrote:
We are looking into how to change TLS behavior on radiusd. This is for testing purpose, so I want to intentionally only allow TLS 1.0. Currently running: FreeRADIUS Version 3.0.12.
Is there a way to make this version only accept TLS 1.0, right now we are using older 2.x version to test this.
In version 3, see "disable_tls" in raddb/mods-available/eap. There are flags for each TLS version. Alan DeKok.
participants (3)
-
Alan Buxey -
Alan DeKok -
David Ward