Authentication problems with some devices: TLS version too low

Lars Veldscholte lars at
Sat Sep 9 20:59:26 CEST 2017

I tried it using packages from sid, but that wouldn't compile on my 
system (with dpkg-buildpackage). So initially I gave up, but currently 
Buster is on the same OpenSSL version as Sid (1.1.0f-5), so I did the 
same thing with the packages downloaded from apt source.

They built fine and I think my change in OpenSSL worked. I can 
successfully connect using TLS1.0 (tested with openssl s_client -connect -tls1). I should note that I haven't tested this *before* 
(with the 'unmodded' OpenSSL) though, but I assume that the above test 
would have failed.

However it did not have any effect on FreeRADIUS, I'm getting the same 
error as before. Of course I did restart my FreeRADIUS service.

How can I check what libssl FreeRADIUS is using? I noticed that there 
are two libssl versions installed on my system: libssl1.0.2 and 
libssl1.1. I only made the change in libssl1.1. Could it be that 
FreeRADIUS is using the former instead?



On 02/09/2017 18:24, Sven Hartge wrote:
> On 02.09.2017 17:56, Lars Veldscholte wrote:
>> So I tried your advice, but there doesn't seem to be a patch with that
>> name.
> Ah, Testing, right. I am on Sid, where OpenSSL is one Debian release
> newer. Get the source from Sid and use that to recompile it.
> Grüße,
> Sven.
> -
> List info/subscribe/unsubscribe? See

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list