[RADIATOR] Radiator Version 4.15 released - security fixes and enhancements
Nick Lowe
nick.lowe at lugatech.com
Thu Jul 16 09:04:36 CDT 2015
RC4 is particularly broken now:
https://www.rc4nomore.com
https://www.rc4nomore.com/vanhoef-usenix2015.pdf
In conjunction with https://tools.ietf.org/html/rfc7465, it is
probably time for RADIUS servers to comply with this by default unless
explicitly configured otherwise:
"o TLS servers MUST NOT select an RC4 cipher suite when a TLS client
sends such a cipher suite in the ClientHello message.
o If the TLS client only offers RC4 cipher suites, the TLS server
MUST terminate the handshake. The TLS server MAY send the
insufficient_security fatal alert in this case."
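
The server-side rule quoted above from RFC 7465, as an added example that is not part of the original post and not Radiator code: it extracts the offered suites from a ClientHello and refuses RC4 even when the server's own preference list contains it. The function names, the constructed ClientHello, and sending handshake_failure when no RC4 was offered at all are assumptions of this sketch.

```python
import struct

# IANA code points of the RC4-based TLS cipher suites.
RC4_SUITES = frozenset({
    0x0003, 0x0004, 0x0005, 0x0017, 0x0018, 0x0020, 0x0024, 0x0028, 0x002B,
    0x008A, 0x008E, 0x0092, 0xC002, 0xC007, 0xC00C, 0xC011, 0xC016, 0xC033,
})
INSUFFICIENT_SECURITY = 71  # TLS fatal alert descriptions
HANDSHAKE_FAILURE = 40

class HandshakeTerminated(Exception):
    def __init__(self, alert):
        super().__init__(f"fatal alert {alert}")
        self.alert = alert

def build_client_hello(suites):
    """Constructed sample input (not a capture): minimal TLS 1.2 ClientHello."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack(f"!H{len(suites)}H", 2 * len(suites), *suites)
            + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def offered_suites(record):
    """Extract the cipher suite IDs from a single-record ClientHello."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]          # session_id length byte and session_id
    if pos + 2 > len(record):
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack_from("!H", record, pos)
    if n % 2 or pos + 2 + n > len(record):
        raise ValueError("malformed cipher_suites vector")
    return list(struct.unpack_from(f"!{n // 2}H", record, pos + 2))

def select_suite(offered, server_preference):
    """Pick a suite in server order, never RC4 even if the server lists it."""
    for suite in server_preference:
        if suite in offered and suite not in RC4_SUITES:
            return suite
    # Nothing acceptable: the alert choice here is this example's assumption.
    rc4_offered = any(s in RC4_SUITES for s in offered)
    raise HandshakeTerminated(
        INSUFFICIENT_SECURITY if rc4_offered else HANDSHAKE_FAILURE)
```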