Use Mozilla's intermediate cipher suites set by default.

Phil Mayers p.mayers at imperial.ac.uk
Tue Nov 18 18:21:29 CET 2014


On 18/11/14 17:10, Nick Lowe wrote:
> Phil,
>
> I agree with you to the extent that simply modifying the default
> configuration file to define a cipher_list would be a rather poor idea
> as it would stick around as best practices change.
>
> I think the right approach is to change the behaviour of FreeRADIUS so
> that it sets a sane cipher suites configuration where cipher_list isn't
> defined in eap.conf.

That's even *worse* - you want to embed it in the source code! If you 
have to do either, embedding it in the default config files is least 
evil IMO.


More information about the Freeradius-Users mailing list