Signature Hash Algorithm Hash configuration

Alan DeKok aland at
Mon Dec 4 15:12:36 CET 2017

On Dec 4, 2017, at 8:49 AM, Sumant Gupta <sumantgupta at> wrote:
> I am setting the value as ECDHE-ECDSA-AES128-CCM8
> Where to mention it as SHA256 and not SHA1.

  See the OpenSSL documentation.

  The "cipher_list" configuration item is passed directly to OpenSSL.

> Since in server hello it is sending as SHA1.
> Following is the cipher suite id intended to be used.

  You've already said that...

  FreeRADIUS doesn't implement SSL / TLS.  It uses OpenSSL.  So if there's an issue with SSL negotiation, you have to fix OpenSSL.

  All of the relevant configuration for OpenSSL *is* exposed and documented in the "eap" module configuration.

  Alan DeKok.

More information about the Freeradius-Users mailing list