Authentication problems with some devices: TLS version too low

Lars Veldscholte lars at tuxplace.nl
Fri Sep 1 21:14:31 CEST 2017


Thanks a lot! I'll do that.

Regards,

Lars


On 01/09/2017 21:12, Sven Hartge wrote:
> On 01.09.2017 20:48, Lars Veldscholte wrote:
>
>> That's right, I'm on testing.
>>
>> So that's it then... So I was reading the debug log exactly the wrong
>> way around (client wants to talk in TLSv1.0 but server doesn't support
>> that)?
>>
>> Any way to enable that again, or do I have to find another solution?
> The "solution" proposed by Kurt Roeckx, the DD maintaining OpenSSL in
> Debian, is to change every program to use the new APIs in OpenSSL 1.1+
> to specify the minimum TLS version supported.
>
> Or to convince every user to upgrade to a OS supporting TLS1.2.
>
> My solution was to recompile the openssl package and reverting those
> changes back to the former default.
>
> This is not complicated, just "apt-get source openssl" and then comment
> "tls1_2_default.patch" in SRCDIR/debian/patches/series.
>
> Rebuild, install, "apt-mark hold libssl1.1 openssl" and your are done.
>
> You need to repeat this procedure every update to the package, of course.
>
> Grüße,
> Sven.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170901/3e8d4869/attachment-0001.sig>


More information about the Freeradius-Users mailing list