Not able to block a specific TLS1.3 cipher
Alan DeKok
aland at deployingradius.com
Thu Apr 24 10:42:21 UTC 2025
On Apr 24, 2025, at 6:29 AM, Akhil Pillai <akhilpillai101 at gmail.com> wrote:
>
> I have been trying to use only a specific tls1.3 cipher but it fails. I
> want to use only SHA256. Below is the debug out.
> ...
> tls: (TLS) Failed setting cipher list: error:0A0000B9:SSL routines::no
> cipher match
> rlm_eap_tls: Failed initializing SSL context
> rlm_eap (EAP): Failed to initialise rlm_eap_tls
> /etc/freeradius3/mods-enabled/eap[14]: Instantiation failed for module "eap"
>
> Any idea why this fails?
This is an error from OpenSSL. It means that there is no such cipher as "TLS_AES_128_GCM_SHA256"
See the OpenSSL documentation for a list of what ciphers it supports.
Alan DeKok.
More information about the Freeradius-Users
mailing list