[RADIATOR] TLS 1.1 and TLS 1.2 Support in Radiator

Nick Lowe nick.lowe at lugatech.com
Thu Nov 6 06:36:50 CST 2014

Dear all,

A quick question: Does Radiator support TLS 1.1 and TLS 1.2 with the
TLS-based EAP types that it implements when paired with a
feature-capable version of OpenSSL?

The FreeRADIUS maintainers found that the code was calling
TLSv1_method() rather than the very poorly named SSLv23_method(),
inadvertently prohibiting the use of the newer TLS versions.

When SSLv23_method() is called, SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3
are specified to prohibit the use of these old protocols.

This is documented at https://www.openssl.org/docs/ssl/SSL_CTX_new.html

The upcoming FreeRADIUS 2.2.6 and 3.0.5 releases will allow TLS 1.1
and TLS 1.2 to be used by EAP clients, and by default:




Microsoft also now support TLS 1.1 and TLS 1.2 with their TLS-based
EAP implementations when configured through a TlsVersion bit
flags-based DWORD in the Registry.
[This covers Network Policy Server (NPS) therefore...]

See "More Information" towards the end of

As somebody who is not yet familiar with Radiator, I am therefore
curious what the state of play is.
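
An added example, not part of the original post and not code from Radiator or FreeRADIUS: it uses Python's ssl module, which wraps OpenSSL, to show from the client side how a context pinned to one protocol version stops offering anything newer, while a version-flexible context (the successor of SSLv23_method()) offers the full range. Assumptions: TLS 1.2 stands in for the pinned version because many current OpenSSL builds refuse TLS 1.0, and the function names and the hostname radius.example are constructed for illustration.

```python
import ssl
import struct

SUPPORTED_VERSIONS = 43  # extension type from RFC 8446

def client_hello_versions(record):
    """Return the protocol versions offered in a TLS ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 9                                    # record header (5) + handshake header (4)
    (legacy,) = struct.unpack_from("!H", record, pos)
    pos += 2 + 32                              # legacy_version + random
    pos += 1 + record[pos]                     # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]                     # compression_methods
    if pos + 2 > len(record):
        return [legacy]                        # no extensions block at all
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == SUPPORTED_VERSIONS:
            count = record[pos] // 2           # 1-byte list length, 2 bytes per version
            return sorted(struct.unpack_from(f"!{count}H", record, pos + 1))
        pos += ext_len
    return [legacy]   # without the extension only the ceiling is visible

def hello_from(ctx):
    """Run the handshake far enough to capture the ClientHello, offline."""
    out = ssl.MemoryBIO()
    conn = ctx.wrap_bio(ssl.MemoryBIO(), out, server_hostname="radius.example")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass   # expected: the ClientHello is queued and no peer has answered
    return out.read()

def flexible_context():
    # Version-flexible method; Python contexts already exclude SSLv2 and SSLv3.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

def pinned_context():
    # Single-version context, the same effect as calling a fixed-version method.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx

if __name__ == "__main__":
    for name, make in (("flexible", flexible_context), ("pinned", pinned_context)):
        print(name, [hex(v) for v in client_hello_versions(hello_from(make()))])
```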


