[EXT] TLS 1.3

Alan DeKok aland at deployingradius.com
Mon May 31 14:08:35 CEST 2021


On May 31, 2021, at 7:54 AM, HERCEK, Marián <marian.hercek at ucm.sk> wrote:
> 1) it's very unlikely Android 4.4 supports TLS 1.3

  For HTTPS.  Not for EAP.

  I *do* have some slight understanding of what's going on.  What I find frustrating is people asking questions, and then arguing with the answers.
  
> 2) recv TLS 1.3 Handshake, ClientHello - does it belong to client (Android 4.4) or NAS (e.g. WiFi AP)?

  The WiFi AP doesn't do EAP.  So....

> 3) you mean I have to configure just tls_max_version and not tls_min_version?

  Yes.

  3.0.22 comes with the following defaults:

	tls_min_version = "1.2"
	tls_max_version = "1.2"

  Use that.

  Alan DeKok.




More information about the Freeradius-Users mailing list