TLS questions

Matthew Newton mcn at freeradius.org
Tue Nov 19 11:41:04 CET 2019


On Tue, 2019-11-19 at 10:25 +0000, Alex Sharaz via Freeradius-Users
wrote:
> 1). I'm looking to reject external incoming TLS auth . requests with
> client certs containing a specific pattern in their CN.
> 
> Other than configuring check-eap-tls and linking it into
> /etc/freeradius/sites-enabled, is there anything else I need to do ?

Enable virtual_server in mods-available/eap tls{} section to point to
it.

> 2). I've just downloaded  3.0.20 and when firing up on my test server
> I get  a message recommending that I set min_tls to 1.2 ..... fine
> but where do I configure it?

Typo, thanks - fixed.

It's tls_min_version, in mods-available/eap.

-- 
Matthew




More information about the Freeradius-Users mailing list