TLS 1.3

Alan DeKok aland at
Mon May 31 13:38:59 CEST 2021

On May 31, 2021, at 6:15 AM, HERCEK, Marián <marian.hercek at> wrote:
> after upgrading to 3.0.22 I can see many authentication problems with old
> devices (e.g. Android 4.4)

  Those devices don't support TLS 1.3.  They might *ask for* TLS 1.3, but they won't *implement* it properly.

> Using EAP + MSCHAPv2.

  If you read the debug output, you'll see that PEAP doesn't support 1.3, either.

  This is because (for now), we only support TLS 1.3 for EAP-TLS.  The reasons why are complex.

> I configured tls_min_version to “1.0” and tls_max_version to “1.3”.


	tls_max_version = "1.3"

  Alan DeKok.

More information about the Freeradius-Users mailing list