TLS 1.3
Alan DeKok
aland at deployingradius.com
Mon May 31 13:38:59 CEST 2021
On May 31, 2021, at 6:15 AM, HERCEK, Marián <marian.hercek at ucm.sk> wrote:
> after upgrading to 3.0.22 I can see many authentication problems with old
> devices (e.g. Android 4.4)
Those devices don't support TLS 1.3. They might *ask for* TLS 1.3, but they won't *implement* it properly.
> Using EAP + MSCHAPv2.
If you read the debug output, you'll see that PEAP doesn't support 1.3, either.
This is because (for now), we only support TLS 1.3 for EAP-TLS. The reasons why are complex.
> I configured tls_min_version to 1.0 and tls_max_version to 1.3.
Use
tls_max_version = "1.3"
Alan DeKok.
More information about the Freeradius-Users
mailing list