Reduce TLS Handshake Certificate Request Types and Hash Algorithms?
Alan DeKok
aland at deployingradius.com
Thu Jun 10 20:59:52 CEST 2021
On Jun 10, 2021, at 2:57 PM, James Ko <jim.list at hotmail.com> wrote:
>
> In a TLS handshake the Server Certificate Request contains 3 types RSA Sign, DSS Sign, and ECDSA Sign along with 20 Signature Hash Algorithms.
>
> Is it possible to configure freeradius to allow only ECDSA and one Hash Algorithm, or is this dictated by openssl/libopenssl reporting supported types.
See "cipher_list" in mods-enabled/eap. The string contents are passed directly to OpenSSL. See the OpenSSL documentation for what names to use, and how to format them.
Alan DeKok.
More information about the Freeradius-Users
mailing list