Authentication problems with some devices: TLS version too low
Lars Veldscholte
lars at tuxplace.nl
Sat Sep 9 20:59:26 CEST 2017
I tried it using packages from sid, but that wouldn't compile on my
system (with dpkg-buildpackage). So initially I gave up, but currently
Buster is on the same OpenSSL version as Sid (1.1.0f-5), so I did the
same thing with the packages downloaded from apt source.
They built fine and I think my change in OpenSSL worked. I can
successfully connect using TLS1.0 (tested with openssl s_client -connect
google.com:443 -tls1). I should note that I haven't tested this *before*
(with the 'unmodded' OpenSSL) though, but I assume that the above test
would have failed.
However it did not have any effect on FreeRADIUS, I'm getting the same
error as before. Of course I did restart my FreeRADIUS service.
How can I check what libssl FreeRADIUS is using? I noticed that there
are two libssl versions installed on my system: libssl1.0.2 and
libssl1.1. I only made the change in libssl1.1. Could it be that
FreeRADIUS is using the former instead?
Thanks,
Lars
On 02/09/2017 18:24, Sven Hartge wrote:
> On 02.09.2017 17:56, Lars Veldscholte wrote:
>
>> So I tried your advice, but there doesn't seem to be a patch with that
>> name.
>
> Ah, Testing, right. I am on Sid, where OpenSSL is one Debian release
> newer. Get the source from Sid and use that to recompile it.
>
> Grüße,
> Sven.
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170909/0d0200dd/attachment.sig>
More information about the Freeradius-Users
mailing list