EAP-TLS not working with ECC Keys

n5d9xq3ti233xiyif2vp at pm.me n5d9xq3ti233xiyif2vp at pm.me
Thu Sep 19 13:46:03 UTC 2024


On Thursday, 19 September 2024 at 13:17, Alan DeKok <aland at deployingradius.com> wrote:

> A little bit of google shows this: https://github.com/libressl/portable/issues/1058
> 
> It's a bug in libressl or OpenSSL.
> 

Good find, thanks. It's probably libressl in my case since this is an OpenBSD box.

I have inadvertently stumbled across a work-around:

1. Change ecdh_curve to empty string (i.e. "")
2. Change tls_max_version to 1.2

Changing the tls_max_version alone didn't fix it; it appears to be some behind-the-scenes combination of tls_max_version and empty string ecdh_curve that kicks things back into life.

I've now got WPA2-Enterprise working. Getting WPA3-Enterprise working appears to be a different story? From what I can tell on the internet, WPA3-Enterprise is very fussy about what is in the certificates? E.g. the reference to "WPA3.1 page 12" on this site: https://wiki.alpinelinux.org/wiki/FreeRadius_EAP-TLS_configuration

