Authentication problems with some devices: TLS version too low

Sven Hartge sven at
Fri Sep 1 21:12:12 CEST 2017

On 01.09.2017 20:48, Lars Veldscholte wrote:

> That's right, I'm on testing.
> So that's it then... So I was reading the debug log exactly the wrong
> way around (client wants to talk in TLSv1.0 but server doesn't support
> that)?
> Any way to enable that again, or do I have to find another solution?

The "solution" proposed by Kurt Roeckx, the DD maintaining OpenSSL in
Debian, is to change every program to use the new APIs in OpenSSL 1.1+
to specify the minimum TLS version supported.

Or to convince every user to upgrade to a OS supporting TLS1.2.

My solution was to recompile the openssl package and reverting those
changes back to the former default.

This is not complicated, just "apt-get source openssl" and then comment
"tls1_2_default.patch" in SRCDIR/debian/patches/series.

Rebuild, install, "apt-mark hold libssl1.1 openssl" and your are done.

You need to repeat this procedure every update to the package, of course.


More information about the Freeradius-Users mailing list