RADSEC / TLS errors but not sure why
James Wood
james.wood at purplewifi.com
Mon Aug 7 20:17:12 UTC 2023
> I've tried repeatedly to explain, so I'm not sure what isn't getting
> across. It's NEGOTIATION. That means BOTH SIDES HAVE TO AGREE ON THE
> CIPHERS.
I know, and understand. I am reading your replies, and they are most helpful.
I am asking follow-up questions because although everything you are saying
makes sense, I haven't been able to get it working.
I am using an out-of-the-box freeradius 3.2.3 config with modified tls and eap
sections as per my original post. I thought you said openssl handles all
the TLS comms, therefore apart from setting the path to my certs, what else
can I do in freeradius config to help? Therefore the comments and
documentation don't help me solve this because I've not set anything that
would cause this.
I am using an out-of-the-box ubuntu installation and openssl library with no
cipher restrictions set either side.
When I start a server using:
------
openssl s_server \
  -key /usr/local/etc/raddb/certs/my_key.key \
  -cert /usr/local/etc/raddb/certs/my_key.crt \
  -chainCAfile /usr/local/etc/raddb/certs/my_key.ca \
  -accept 2083 -www
------
the same client can successfully establish a connection, but that fails
when the freeradius daemon is running using the same key/cert/ca.
This is why I am bouncing messages back and forth, not because I'm
questioning your advice. Please don't take it that I'm not listening.