RADSEC / TLS errors but not sure why

James Wood james.wood at purplewifi.com
Mon Aug 7 19:37:23 UTC 2023


I too initially assumed it was the client that was the problem, but because
I can call another public server, with the same signed certificate (just a
different CN/Alt names - all OpenRoaming issued certs are the same CA etc)
as I'm trying to use, and the client successfully negotiates SHA384, with a
peer signature type of ECDSA, using TLSv1.3 and cipher
TLS_AES_256_GCM_SHA384, then I can't see how the client is the problem. I
seem to be able to use openssl s_client against any TLS host and get a
valid response, just not my host.

I am not restricting (that I'm aware of) anything in the openssl config on
the host so it should be able to use TLS_AES_256_GCM_SHA384, which is
inside the Client Hello packet capture.

Running "openssl ciphers" on the server provided that supported list in the
previous message.

I'll look more into the server side of things now. Do you have any pointers
as to what could be restricting the available ciphers on the server?

Thanks

