Algorithm used by FreeRADIUS to choose cipher suite used with EAP-TLS/TTLS

Alan DeKok aland at deployingradius.com
Fri Feb 16 01:41:41 CET 2007


Walter Goulet wrote:
>
> How does FreeRADIUS's rlm_eap module choose the cipher suite used for
> EAP-TLS/TTLS sessions?

  It relies on OpenSSL to do the negotiation.

> RFC 2246 for TLS states that the client presents the list of
> ciphersuites supported to the server and the server picks one that it
> supports.
> 
> Is there a way to configure FreeRADIUS to only use a specific set of
> ciphersuites? The goal is that in some cases it may be desirable to
> restrict incoming clients to use a particular suite.

  Yes.  See "cipher_list" in eap.conf.  It's documented.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
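
An added example, not part of the original post and not FreeRADIUS code: since the negotiation is left to OpenSSL, a candidate "cipher_list" value can be expanded with Python's ssl module (also an OpenSSL wrapper) before it goes into eap.conf. The candidate string, the marker list and the function names are assumptions, and the result reflects the OpenSSL build Python is linked against, which may differ from the one the RADIUS server uses.

```python
import ssl

# Constructed list of name fragments for suites usually unwanted in EAP-TLS/TTLS
# (no encryption, export grade, RC4, MD5 MACs, anonymous key exchange).
WEAK_MARKERS = ("NULL", "EXP-", "RC4", "MD5", "ADH", "AECDH")


def expand_cipher_list(cipher_list):
    """Return the suite names OpenSSL enables for an OpenSSL cipher string.

    Raises ValueError when the string selects nothing (for example a typo),
    which is worth catching before the value is deployed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_list)
    except ssl.SSLError as exc:
        raise ValueError(f"cipher string {cipher_list!r} selects no suite") from exc
    return [c["name"] for c in ctx.get_ciphers()]


def configurable(names):
    """Drop TLS 1.3 suites (TLS_ prefix): the cipher string does not govern them."""
    return [n for n in names if not n.startswith("TLS_")]


def weak_suites(names):
    """Return the enabled suites whose name contains a weak marker."""
    return [n for n in names if any(m in n for m in WEAK_MARKERS)]


if __name__ == "__main__":
    candidate = "HIGH:!aNULL:!MD5"  # assumed candidate value, not from the post
    suites = configurable(expand_cipher_list(candidate))
    print(f"{candidate!r} enables {len(suites)} suites below TLS 1.3")
    for name in suites:
        print("  ", name)
    print("weak suites still enabled:", weak_suites(suites) or "none")
```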


