TLS version mismatch EAP TLS

Alan DeKok aland at deployingradius.com
Fri Apr 16 15:05:47 CEST 2021


On Apr 16, 2021, at 8:50 AM, De Sylvain <starzzzzzz23 at gmail.com> wrote:
> Accros few link(show below) I understood that TLS 1.3 was not correctly
> supported on freeradius.

  No.

  The previous messages I posted about this are very clear.

  THERE IS NO STANDARD FOR USING TLS 1.3 WITH EAP.  THE STANDARD DOES NOT EXIST.  THEREFORE NO ONE SHOULD USE TLS 1.3 WITH EAP.

  It is wrong to say the "TLS 1.3 is not correctly supported on FreeRADIUS".   It is correct to say that EAP-TLS does not support TLS 1.3.

> I have the same issue like this post #3665
> <https://github.com/FreeRADIUS/freeradius-server/issues/3665> However my
> window client is correctly configured and it do no use tls version 1.3.

  No.  It's still doing TLS 1.3.  FreeRADIUS isn't lying to you.

  http://lists.freeradius.org/pipermail/freeradius-users/2020-November/099104.html

  This has all been discussed before on the mailing list, and on GitHub where it looks like you posted this same question.  The answer hasn't changed.

  Configure "cipher_list" as noted there, and by Jochem.  Or, use the v3.0.x branch from GitHub.

  Alan DeKok.




More information about the Freeradius-Users mailing list