Failed in SSLv3 read client certificate A
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sun Jun 19 01:50:27 CEST 2016
> On 18 Jun 2016, at 14:00, Michael Martinez <mwtzzz at gmail.com> wrote:
>
> On Fri, Jun 17, 2016 at 1:26 PM, Alan DeKok <aland at deployingradius.com> wrote:
>>
>>> On Jun 17, 2016, at 4:23 PM, Michael Martinez <mwtzzz at gmail.com> wrote:
>>>
>>> We really need to get this working. We're stumped on it. Anybody have
>>> any thoughts?
>>
>> Set disable_tlsv1_2 in the EAP module.
>
> Maybe slightly off-topic, but how do I find which ssl library my
> freeradius server is compiled with? I do:
> root at 2-rpi:/usr/local/freeradius/etc/raddb# ldd
> /usr/local/freeradius/sbin/radiusd
> /usr/lib/arm-linux-gnueabihf/libcofi_rpi.so (0xb6f7e000)
> libfreeradius-server.so =>
> /usr/local/freeradius/lib/libfreeradius-server.so (0xb6f4e000)
> .....<snip>
>
> But nothing about ssl libraries shows up there.
>
> I do: strings /usr/local/freeradius/sbin/radiusd | grep -iE "openssl.*1"
> and I see a lot of references to openssl 1.0.2.f:
> Diffie-Hellman part of OpenSSL 1.0.2f 28 Jan 2016
>
> so, pretty clear it's compiled against 1.0.2.f. But out of curiosity
> is there a way to definitely find out?
/usr/local/freeradius/sbin/radiusd -v
Is more accurate than using ldd. It calls a version function in OpenSSL
to get the version, it doesn't use compile time macros.
> And, it seems "disable_tlsv1_2" was added as a way to get around some
> problems with older versions of openssl. But will it actually help in
> my case?
Probably not. But just in case the apple supplicant is broken its worth trying.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160618/d7a74eea/attachment.sig>
More information about the Freeradius-Users
mailing list