Poodle and EAP?

Phil Mayers p.mayers at imperial.ac.uk
Mon Oct 20 14:00:28 CEST 2014


On 20/10/14 07:31, Stefan Winter wrote:
> Hi,
>
> catching up after being out of office when "Poodle" arrived.
>
> I'm wondering if FreeRADIUS is strictly enforcing TLS 1.0+ when
> negotiating a PEAP/TTLS tunnel. And if not, how to make it so :-)

Alan has pointed out that SSLv3 is disabled, but in any event exploiting 
POODLE requires forcing the client to make variable content SSLv3 
requests. It's tricky to see how that could be achieved with EAP clients.

But SSLv3 is crap anyway so it's good it's disabled.


More information about the Freeradius-Users mailing list