Signature Hash Algorithm Hash configuration
Hi, I am sending the client Hello message ,when Freeradius recieves the Client hello it sends the Server Hello message with following data. If you see the data it contains Signature Hash Algorithm Hash:SHA1 (2)
From where does the freeradius populate that data, i want that Freeradius should send the SHA256 Hash algo value in Server Hello message..
TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 147 Handshake Protocol: Server Key Exchange Handshake Type: Server Key Exchange (12) Length: 143 EC Diffie-Hellman Server Params Curve Type: named_curve (0x03) Named Curve: secp256r1 (0x0017) Pubkey Length: 65 Pubkey: 04674c5cbd9edc682f3483a2289c66a4ba4572fd5eea6399... Signature Hash Algorithm: 0x0203 * Signature Hash Algorithm Hash: SHA1 (2)* Signature Hash Algorithm Signature: ECDSA (3) Signature Length: 70 Signature: 3044022009266867a43817c72bd333b96d5052313cfa62d5... -sumant
On Dec 4, 2017, at 12:02 AM, Sumant Gupta <sumantgupta@gmail.com> wrote:
I am sending the client Hello message ,when Freeradius recieves the Client hello it sends the Server Hello message with following data. If you see the data it contains
Signature Hash Algorithm Hash:SHA1 (2)
From where does the freeradius populate that data, i want that Freeradius should send the SHA256 Hash algo value in Server Hello message..
See "cipher_list" in raddb/mods-enabled/eap Alan DeKok.
I am setting the value as ECDHE-ECDSA-AES128-CCM8 Where to mention it as SHA256 and not SHA1. Since in server hello it is sending as SHA1. Following is the cipher suite id intended to be used. 0xc0ae] ECDHE-ECDSA-AES128-CCM8On Monday, December 4, 2017, Alan DeKok < aland@deployingradius.com> wrote:
On Dec 4, 2017, at 12:02 AM, Sumant Gupta <sumantgupta@gmail.com <javascript:;>> wrote:
I am sending the client Hello message ,when Freeradius recieves the
Client
hello it sends the Server Hello message with following data. If you see the data it contains
Signature Hash Algorithm Hash:SHA1 (2)
From where does the freeradius populate that data, i want that Freeradius should send the SHA256 Hash algo value in Server Hello message..
See "cipher_list" in raddb/mods-enabled/eap
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
On Dec 4, 2017, at 8:49 AM, Sumant Gupta <sumantgupta@gmail.com> wrote:
I am setting the value as ECDHE-ECDSA-AES128-CCM8 Where to mention it as SHA256 and not SHA1.
See the OpenSSL documentation. The "cipher_list" configuration item is passed directly to OpenSSL.
Since in server hello it is sending as SHA1. Following is the cipher suite id intended to be used.
You've already said that... FreeRADIUS doesn't implement SSL / TLS. It uses OpenSSL. So if there's an issue with SSL negotiation, you have to fix OpenSSL. All of the relevant configuration for OpenSSL *is* exposed and documented in the "eap" module configuration. Alan DeKok.
participants (2)
-
Alan DeKok -
Sumant Gupta