FreeRadius3 - TLS 1.2 & Eapol_Test

O'Connell, Ryan ryan.oconnell at viasat.com
Wed Jan 22 22:11:23 CET 2014 

Is there a way to use eapol_test to force TLS 1.2?  I have downloaded and compiled the latest wpa_supplicant with OpenSSL 1.0.1e-fips 11 Feb 2013.  I can't seem to find the configuration switch to enable TLS 1.2.  On the server side I have tried configuring the eap module with:

cipher_list = "DEFAULT"
cipher_list = "ALL:!MEDIUM:!LOW"
cipher_list = "AES256-SHA"
cipher_list = "AES256-SHA256"
cipher_list = "AES256-SHA256:AES128-SHA256"
cipher_list = "AES256-SHA256:AES128:SHA"

The command string I am currently using is:

./eapol_test -c eapol_test.conf.tls  -a10.115.10.32  -p1812 -stesting123 -r1

The contents of the eapol_test.conf.tls are:

eapol_version=2
network={
eap=TLS
eapol_flags=3
proto=WPA
#key_mgmt=IEEE8021X
key_mgmt=WPA-EAP
identity="00A0BC2FF8C0 at test"
ca_cert="testca.pem"
client_cert="Client_Cert.pem"
private_key="Client_privKey.pem"
}

My FreeRadius3 server server details:

[root at aaa ~]# /usr/sbin/radiusd -Xv
Wed Jan 22 13:00:52 2014 : Info: radiusd: FreeRADIUS Version 3.0.1, for host x86_64-redhat-linux-gnu, built on Jan 20 2014 at 01:36:32
Wed Jan 22 13:00:52 2014 : Debug: Server was built with:
Wed Jan 22 13:00:52 2014 : Debug:   accounting
Wed Jan 22 13:00:52 2014 : Debug:   authentication
Wed Jan 22 13:00:52 2014 : Debug:   ascend binary attributes
Wed Jan 22 13:00:52 2014 : Debug:   coa
Wed Jan 22 13:00:52 2014 : Debug:   control-socket
Wed Jan 22 13:00:52 2014 : Debug:   detail
Wed Jan 22 13:00:52 2014 : Debug:   dhcp
Wed Jan 22 13:00:52 2014 : Debug:   dynamic clients
Wed Jan 22 13:00:52 2014 : Debug:   proxy
Wed Jan 22 13:00:52 2014 : Debug:   regex-pcre
Wed Jan 22 13:00:52 2014 : Debug:   session-management
Wed Jan 22 13:00:52 2014 : Debug:   stats
Wed Jan 22 13:00:52 2014 : Debug:   tcp
Wed Jan 22 13:00:52 2014 : Debug:   threads
Wed Jan 22 13:00:52 2014 : Debug:   tls
Wed Jan 22 13:00:52 2014 : Debug:   unlang
Wed Jan 22 13:00:52 2014 : Debug:   vmps
Wed Jan 22 13:00:52 2014 : Debug: Server core libs:
Wed Jan 22 13:00:52 2014 : Debug:   talloc : 2.0.*
Wed Jan 22 13:00:52 2014 : Debug:   ssl    : OpenSSL 1.0.1e-fips 11 Feb 2013
Wed Jan 22 13:00:52 2014 : Info: Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
Wed Jan 22 13:00:52 2014 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Wed Jan 22 13:00:52 2014 : Info: PARTICULAR PURPOSE
Wed Jan 22 13:00:52 2014 : Info: You may redistribute copies of FreeRADIUS under the terms of the
Wed Jan 22 13:00:52 2014 : Info: GNU General Public License
Wed Jan 22 13:00:52 2014 : Info: For more information about these matters, see the file named COPYRIGHT


Thanks,
Ryan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 476 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140122/2486b11a/attachment.pgp>

More information about the Freeradius-Users mailing list