[RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

Nick Lowe nick.lowe at lugatech.com
Thu Jul 16 09:04:36 CDT 2015

RC4 is particularly broken now:


In conjunction with https://tools.ietf.org/html/rfc7465 , it is
probably time for RADIUS servers to comply with this by default unless
explicitly configured otherwise:

"o TLS servers MUST NOT select an RC4 cipher suite when a TLS client
sends such a cipher suite in the ClientHello message.
 o If the TLS client only offers RC4 cipher suites, the TLS server
MUST terminate the handshake.  The TLS server MAY send the
insufficient_security fatal alert in this case."

More information about the radiator mailing list