Reduce TLS Handshake Certificate Request Types and Hash Algorithms?

Alan DeKok aland at
Thu Jun 10 20:59:52 CEST 2021

On Jun 10, 2021, at 2:57 PM, James Ko <jim.list at> wrote:
> In a TLS handshake the Server Certificate Request contains 3 types RSA Sign, DSS Sign, and ECDSA Sign along with 20 Signature Hash Algorithms.
> Is it possible to configure freeradius to allow only ECDSA and one Hash Algorithm, or is this dictated by openssl/libopenssl reporting supported types.

  See "cipher_list" in mods-enabled/eap.  The string contents are passed directly to OpenSSL.  See the OpenSSL documentation for what names to use, and how to format them.

  Alan DeKok.

More information about the Freeradius-Users mailing list