Warnings about OpenSSL 1.0.1f and 1.0.1g

Alan DeKok aland at deployingradius.com
Fri Dec 11 15:17:41 CET 2015


  Anyone using these versions of OpenSSL should either upgrade them, or set "disable_tlsv1_2" in the EAP TLS module configuration.

  To make a long story short, these versions of OpenSSL calculate the WiFi encryption keys incorrectly for TLS 1.2.  I've pushed a fix to v3.0 which disables TLS 1.2 when the server is built against those versions of OpenSSL.

  The solution is to upgrade to a version of OpenSSL which works, upgrade FreeRADIUS, or to use "disable_tlsv1_2" on existing systems.

  Alan DeKok.
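
  Added example (not part of the original post, and not FreeRADIUS code): a shell check for the combination the post warns about, an OpenSSL 1.0.1f or 1.0.1g version string with no active "disable_tlsv1_2 = yes" line in the EAP configuration. The function names, the "yes" value syntax and the config path argument are assumptions; the version string is taken from the openssl command, which may not be the library the server was built against.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not FreeRADIUS tooling.
# Usage: sh check_eap_tls12.sh /path/to/your/eap/config

# affected_openssl "OpenSSL 1.0.1f 6 Jan 2014" -> exit 0 for 1.0.1f or 1.0.1g
affected_openssl() {
    # Second field of `openssl version` output is the release, e.g. 1.0.1f
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    # Drop a build suffix such as "-fips" before comparing
    case "${ver%%-*}" in
        1.0.1f|1.0.1g) return 0 ;;
        *) return 1 ;;
    esac
}

# tls12_disabled < config -> exit 0 if an uncommented
# "disable_tlsv1_2 = yes" line is present (commented-out lines do not count)
tls12_disabled() {
    sed 's/#.*//' |
        grep -Eqi '^[[:space:]]*disable_tlsv1_2[[:space:]]*=[[:space:]]*"?yes"?[[:space:]]*$'
}

# eap_tls12_verdict VERSION_STRING < config
# prints OK (version not named in the post), MITIGATED (named version,
# TLS 1.2 disabled) or AT_RISK (named version, TLS 1.2 still enabled)
eap_tls12_verdict() {
    if ! affected_openssl "$1"; then
        echo "OK"
    elif tls12_disabled; then
        echo "MITIGATED"
    else
        echo "AT_RISK"
    fi
}

# Run against the local system only when a config path is supplied.
# Caveat: `openssl version` describes the CLI's library; confirm which
# libssl the RADIUS server itself is linked against.
if [ $# -ge 1 ]; then
    eap_tls12_verdict "$(openssl version)" < "$1"
fi
```

  A result of OK only means the version string is not one of the two named in the post; it does not verify the key derivation itself.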



