Warnings about OpenSSL 1.0.1f and 1.0.1g
Alan DeKok
aland at deployingradius.com
Fri Dec 11 15:17:41 CET 2015
Anyone using these versions of OpenSSL should either upgrade them, or set "disable_tlsv1_2" in the EAP TLS module configuration.
To make a long story short, these versions of OpenSSL calculate the WiFi encryption keys incorrectly for TLS 1.2. I've pushed a fix to v3.0 which disables TLS 1.2 when the server is built against those versions of OpenSSL.
The solution is to upgrade to a version of OpenSSL which works, upgrade FreeRADIUS, or to use "disable_tlsv1_2" on existing systems.
Alan DeKok.