help seeing more debugging EAP-TTLS handshake
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Thu Sep 24 16:38:47 CEST 2015
Hi,
> There's some good advice here:
>
> https://wiki.terena.org/display/H2eduroam/EAP+Server+Certificate+considerations
yep....unfortunately its scoped to just the certificate...which is a start... the next
part should be the EAP/TLS stuff - TLS 1.2 support, ciphers to use.... if you are using
a Diffie-Hellman useing method then ensure your DH key is at least 1024 bit etc etc
...then we go down into the rabbit hole of what clients DONT support TLS 1.2 and prevent
you from scoping the cipher list to JUST TLS 1.2 methods ;-)
alan
More information about the Freeradius-Users
mailing list