TLS 1.3 enabled or not?
Hi everyone! Have you enabled TLS 1.3 in your configuration? I read somewhere it can cause issues, but we mostly use recent Windows and macOS machines, and I was wondering if we could benefit from it. tls_min_version = 1.2 tls_max_version = 1.3 Thanks !
Hi Luca We have TLS 1.2 / 1.3 allowed and did not have any issues with this so far; deactivated TLS 1.0 / 1.1 about 1.5 months ago: cipher_list = "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_256_GCM_SHA384" tls_min_version = "1.2" tls_max_version = "1.3" Regards Dominic Am 27.09.24, 10:27 schrieb "Freeradius-Users im Auftrag von Luca Borruto via Freeradius-Users" <freeradius-users-bounces+dominic.stalder=unibe.ch@lists.freeradius.org <mailto:unibe.ch@lists.freeradius.org> im Auftrag von freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>>: Hi everyone! Have you enabled TLS 1.3 in your configuration? I read somewhere it can cause issues, but we mostly use recent Windows and macOS machines, and I was wondering if we could benefit from it. tls_min_version = 1.2 tls_max_version = 1.3 Thanks ! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <http://www.freeradius.org/list/users.html>
On Sep 27, 2024, at 10:26 AM, Luca Borruto via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
Have you enabled TLS 1.3 in your configuration? I read somewhere it can cause issues, but we mostly use recent Windows and macOS machines, and I was wondering if we could benefit from it. tls_min_version = 1.2 tls_max_version = 1.3
Windows supports TLS 1.3, but doesn't support session resumption for PEAP and TTLS with TLS 1.3. Which makes it less useful than it could be. I don't know about OSX. Alan DeKok.
participants (3)
-
Alan DeKok -
dominic.stalder@unibe.ch -
Luca Borruto