"No shared cipher" error but listed in preferred ciphers
David B Funk
dbfunk at engineering.uiowa.edu
Mon Nov 24 21:51:01 UTC 2025
Not a suggestion on your entryption issue, but have you checked to see if there
are firmware updates available for your old switches?
The original HP (now HPE) was pretty good about providing firmware for those
old switches (back in the day when they made them from real metal ;)
On Mon, 24 Nov 2025, Nicolas Godbert via Freeradius-Users wrote:
> Hello,
>
> I try to recycle some old HPE switches as radius client using EAP-TLS
> based protocols for test only.
> They are using old deprecated ciphers, so i rebuild openssl for legacy
> suites on a raspbian (I know, it's bad idea and not secure).
>
> # openssl ciphers -v ALL | grep RC4
> RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128)
> Mac=MD5
>
> So, when the server freeradius and the switch try to negociate, i can
> see in the logs that the cipher RC4-MD5 is now common for the two devices.
>
[snip...]
> Do you have some hints to help debug further please ?
> Thank you in advance.
>
> Best regards,
>
>
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
More information about the Freeradius-Users
mailing list