Authentication problems with some devices: TLS version too low

Lars Veldscholte lars at
Fri Sep 1 21:14:31 CEST 2017

Thanks a lot! I'll do that.



On 01/09/2017 21:12, Sven Hartge wrote:
> On 01.09.2017 20:48, Lars Veldscholte wrote:
>> That's right, I'm on testing.
>> So that's it then... So I was reading the debug log exactly the wrong
>> way around (client wants to talk in TLSv1.0 but server doesn't support
>> that)?
>> Any way to enable that again, or do I have to find another solution?
> The "solution" proposed by Kurt Roeckx, the DD maintaining OpenSSL in
> Debian, is to change every program to use the new APIs in OpenSSL 1.1+
> to specify the minimum TLS version supported.
> Or to convince every user to upgrade to a OS supporting TLS1.2.
> My solution was to recompile the openssl package and reverting those
> changes back to the former default.
> This is not complicated, just "apt-get source openssl" and then comment
> "tls1_2_default.patch" in SRCDIR/debian/patches/series.
> Rebuild, install, "apt-mark hold libssl1.1 openssl" and your are done.
> You need to repeat this procedure every update to the package, of course.
> Grüße,
> Sven.
> -
> List info/subscribe/unsubscribe? See

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list