help seeing more debugging EAP-TTLS handshake

Nick Lowe nick.lowe at
Thu Sep 24 18:30:32 CEST 2015

It supports everything I'm aware of from an TLS-based EAP client perspective.

It's more compatible than your string and prioritises PFS and GCM actually ;)

Your string nukes legacy clients that don't have AES support, like the
supplicant in Windows XP.

That's the RSA+3DES+SHA1 bit on the end...

It also complies to the RFC that prohibits RC4.


More information about the Freeradius-Users mailing list