freeradius - TLS1.3 support
Alan DeKok
aland at deployingradius.com
Wed Feb 19 18:04:00 UTC 2025
On Feb 19, 2025, at 12:23 PM, Akhil Pillai <akhilpillai101 at gmail.com> wrote:
>
> Below is the output from the tls1.3 run (wireless)
> ...
>
> (3) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello
> (3) eap_tls: (TLS) TLS - send TLS 1.2 Alert, fatal protocol_version
> (3) eap_tls: ERROR: (TLS) TLS - Alert write:fatal:protocol version
Yup. The other end doesn't do TLS 1.3.
It may seem like the other end does TLS 1.3 due to the initial message of "recv TLS 1.3", but that's a side effect of TLS / OpenSSL. It's confusing, but not that relevant.
So TLS and OpenSSL are confusing, but the "fatal protocol_version" is definitive. The other end doesn't support the TLS protocol version that FreeRADIUS is using.
ALan DeKok.
More information about the Freeradius-Users
mailing list