Reduce TLS Handshake Certificate Request Types and Hash Algorithms?

James Ko jim.list at
Thu Jun 10 21:15:12 CEST 2021

>  See "cipher_list" in mods-enabled/eap.  The string contents are passed directly to OpenSSL.  See the OpenSSL documentation for what names to use, and how to format them.

I have cipher_list="ECDHE-ECDSA-AES128-CCM8" and it is the only Cipher Suites listed in the Server Hello portion of the message as captured below.  I would like to also reduce the supported Certificate Hash Algorithms reported in the Certificate Request portion of the TLS message.

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 66
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 62
            Version: TLS 1.2 (0x0303)
            Random: 12747cfe9804564023feaacaed5b3d9be5a06c4b2e7943cfa035166f8c2b5312
            Session ID Length: 0
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xc0ae)
            Compression Method: null (0)
            Extensions Length: 22
            Extension: renegotiation_info (len=1)
                Type: renegotiation_info (65281)
                Length: 1
                Renegotiation Info extension
            Extension: max_fragment_length (len=1)
                Type: max_fragment_length (1)
                Length: 1
                Maximum Fragment Length: 2048 (3)
            Extension: ec_point_formats (len=4)
                Type: ec_point_formats (11)
                Length: 4
                EC point formats Length: 3
                Elliptic curves point formats (3)
                    EC point format: uncompressed (0)
                    EC point format: ansiX962_compressed_prime (1)
                    EC point format: ansiX962_compressed_char2 (2)
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0


More information about the Freeradius-Users mailing list