EAP-TLS failure

Stephen kbaegis at gmail.com
Thu Oct 18 01:58:51 CEST 2018


Wonderful suggestions, and thanks for the context.

My certs are 8192 bit (sha512WithRSAEncryption) generated with LibreSSL
2.6.5, and my freeradius version is:

radiusd: FreeRADIUS Version 3.0.18 (git #4b32b05a14), for host
x86_64-unknown-linux-gnu, built on Oct  2 2018 at 22:28:12
FreeRADIUS Version 3.0.18 ....

I'll certainly try upgrading freeradius. Any advice on the crypto setup?

Thanks!

On 10/17/18 5:43 PM, Adam Bishop wrote:
> On 17 Oct 2018, at 23:30, Stephen <kbaegis at gmail.com> wrote:
>> wireless with the same cert. The cert still works for strongswan auth.
> A few people have been finding this since upgrading to Mojave.
>
> You'll probably find that you're:
>
> * Running a very old version of FreeRADIUS?
> * Running a very old version of OpenSSL?
> * Using EAP certificates with sha1 hashes/512 bit RSA/DSA, or other obsolete crypto?
>
> The solution is to upgrade the obsolete component.
>
> Adam Bishop
>
>   gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460
>
> jisc.ac.uk
>
> Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
>
> Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.  
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list