freeradius - TLS1.3 support
Alan DeKok
aland at deployingradius.com
Fri Feb 14 16:29:43 UTC 2025
On Feb 14, 2025, at 10:53 AM, Akhil Pillai <akhilpillai101 at gmail.com> wrote:
> This one should have the whole debug out i think.
Thanks.
From looking at it, I suspect that the issue is the client doesn't support TLS 1.3.
In general, it's best to start debugging with the TLS configuration as wide open as possible. Allow TLS 1.1, 1.2, all ciphers suites, etc. Then test it, and gradually make it more secure.
That way if it stops working, you know exactly what change make it stop working.
The problem with just mashing all of the TLS configuration at the same time is that you have no idea whether TLS works at all, or which part of the changes made it stop working.
Alan DeKok.
More information about the Freeradius-Users
mailing list