iOS mysterious issues on Freeradius 3.0.14

Alan DeKok aland at
Thu Mar 23 20:38:17 CET 2017

> On Mar 23, 2017, at 2:34 PM, John Tobin <jtobin at> wrote:
> Where is the tls 1.2 negotiation documented, I am somewhat of a newbie, I
> did search google for tls disable free radiusd, etc. didn¹t see anything
> like a disable switch/ or option, but then I may not have been looking in
> the right place.

  Google is generally worse than reading the server's documentation, or the config files.

  For EAP-TLS methods... edit the EAP module configuration.  i.e. raddb/mods-available/eap.  Look for "tls".

> Give me a word on the tls situation. I do get it, if you don¹t include the
> client cert, then the TLS [with the server cert installed] checks to make
> sure you have the correct server, and the client authentication is by
> userid / Password. But that is kind of a miss of true TLS which would need
> both the server and the client cert supported.

  You can use EAP-TLS, too.  You don't need passwords.

  Alan DeKok.

More information about the Freeradius-Users mailing list