TLS 1.3 Configuration

Alan DeKok aland at
Wed Dec 14 15:11:32 UTC 2022

On Dec 14, 2022, at 8:39 AM, Boby Tharappel <bobytharappel.mec at> wrote:
> a works, but I'm trying to get Tls 1.3 connections only. Supplicant 2.10
> supports tls 1.3 according to their documentations.

  Then it needs to be configured to use TLS 1.3.

  We test v3 with TLS 1.3 and wpa_supplicant, but we use a version from git, which works.

> The protocol version doesn't match---> I have a question here, it seems the
> server received a 1.3 handshake, but returned a 1.2 alert? What might be
> causing that?

  TLS nonsense.  The version in the TLS packets is 1.2... or 1.3... mostly, until it's negotiated.  And then the version becomes stable.

  So the error is important.  The TLS versions printed before that are less useful, and don't really mean much.

  Alan DeKok.

More information about the Freeradius-Users mailing list