Hi, Has anybody ever change the type of key exchange using eap-tls? eap.conf: ......... rsa_key_exchange = yes dh_key_exchange = no rsa_key_length =1024 dh_key_length....... ........... output of radiusd -X ........ Module: Instantiating eap-tls tls { rsa_key_exchange = yes dh_key_exchange = no rsa_key_length =1024 ........ } ........... Does it would be enough?
Sergio escribió:
Hi,
Has anybody ever change the type of key exchange using eap-tls?
eap.conf:
......... rsa_key_exchange = yes dh_key_exchange = no rsa_key_length =1024 dh_key_length....... ...........
output of radiusd -X
........ Module: Instantiating eap-tls tls { rsa_key_exchange = yes dh_key_exchange = no rsa_key_length =1024 ........ } ...........
Does it would be enough? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, Please developers :) i only have a question: can freeradius and a client perform a rsa key exchange? 1.- the client generates pre-masterSecret 2.- the client sends it to the server, ciphered with server public key 3.- key derivation I think changes above aren't a good idea because it isn't documented (although is in source code) and also aren't any response to my question
Sergio wrote:
Please developers :) i only have a question: can freeradius and a client perform a rsa key exchange?
There is no code to do *ephemeral* key exchange. *Normal* key exchange is part of the SSL protocol. See the SSL specifications, and the OpenSSL documentation for more details. Alan DeKok.
Alan DeKok escribió:
Sergio wrote:
Please developers :) i only have a question: can freeradius and a client perform a rsa key exchange?
There is no code to do *ephemeral* key exchange. *Normal* key exchange is part of the SSL protocol.
See the SSL specifications, and the OpenSSL documentation for more details.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok, that's enough for me, thanks alan
participants (2)
-
Alan DeKok -
Sergio