[RADIATOR] Apple iOS 9 and OS X El Capitan

Howard, Christopher Christopher-Howard at utc.edu
Fri Jul 31 09:04:31 CDT 2015


We're running CentOS 6 here and fixed the TLSv1.2 issue with these new
OSes.  You're correct that using yum to install Net::SSLeay will result in
not being able to use newer versions of TLS.

However, I've always used the CPAN shell to build and install Perl
modules.  Doing this works perfectly fine and it's almost as easy as using
yum.  We're running Net::SSLeay v1.70 here without any problems on CentOS
6.

-Christopher



On 7/31/15, 9:57 AM, "Heikki Vatiainen" <hvn at open.com.au> wrote:

>On 07/31/2015 12:11 PM, Nick Lowe wrote:
>> Surely, the best solution is to check for the availability of the
>> SSL_export_keying_material. If it is not available, disable TLS 1.2.
>
>This is certainly the best solution, provided Net::SSLeay version is at
>least 1.46. This is the first version that allows disabling TLS 1.2 (and
>TLS 1.1).
>
>The OpenSSL API allows creating SSL_CTX for one TLS/SSL version only, or
>for all supported versions, which means the undesired versions need to be
>disabled separately. This is why Net::SSLeay 1.46 or more recent would be
>needed.
>
>http://www.openssl.org/docs/ssl/SSL_CTX_new.html
>
>> I definitely do not think that it is a great idea to disable support
>> for TLS 1.2 by default.
>
>We'll check what can be done. Unfortunately it looks like RHEL/CentOS 6
>won't work with TLS 1.2 out of the box because of the old Net::SSLeay.
>Fortunately it appears that for more recent Net::SSLeay and OpenSSL
>combinations TLS 1.1 and 1.2 can be left enabled.
>
>Thanks,
>Heikki
>
>-- 
>Heikki Vatiainen <hvn at open.com.au>
>
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>NetWare etc.
>_______________________________________________
>radiator mailing list
>radiator at open.com.au
>http://www.open.com.au/mailman/listinfo/radiator
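
The check proposed in the thread, as an added example that is not part of the original messages and is not Radiator's own code: probe whether the installed Net::SSLeay exposes the keying material exporter, and if it does not, turn TLS 1.2 off on the context. The helper name `tls12_policy` is hypothetical; it assumes Net::SSLeay is installed.

```perl
#!/usr/bin/perl
# Added example (not Radiator code): keep TLS 1.2 only when the exporter exists.
use strict;
use warnings;
use Net::SSLeay;

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();

# Hypothetical helper. Returns (option_mask, note).
# option_mask is undef when TLS 1.2 should be disabled but cannot be.
sub tls12_policy {
    # The XS wrapper is only present when Net::SSLeay was built with
    # SSL_export_keying_material support, so its absence is detectable.
    return (0, 'export_keying_material available, TLS 1.2 left enabled')
        if defined &Net::SSLeay::export_keying_material;

    # Per the thread, disabling TLS 1.2 needs Net::SSLeay 1.46 or newer.
    # On older builds the constant lookup dies, which eval turns into undef.
    my $no_tls12 = eval { Net::SSLeay::OP_NO_TLSv1_2() };
    return (undef, 'no exporter and no OP_NO_TLSv1_2: upgrade Net::SSLeay')
        unless defined $no_tls12;

    return ($no_tls12, 'no exporter, TLS 1.2 disabled on this context');
}

# CTX_new() creates a context for all supported protocol versions, so the
# unwanted version has to be switched off with an option afterwards.
my $ctx = Net::SSLeay::CTX_new()
    or die "CTX_new failed\n";

my ($mask, $note) = tls12_policy();
die "Net::SSLeay $Net::SSLeay::VERSION: $note\n" unless defined $mask;

Net::SSLeay::CTX_set_options($ctx, $mask) if $mask;
printf "Net::SSLeay %s: %s (context options 0x%x)\n",
    $Net::SSLeay::VERSION, $note, Net::SSLeay::CTX_get_options($ctx);

Net::SSLeay::CTX_free($ctx);
```

Running it once against the distribution package and once against a CPAN-built Net::SSLeay shows which branch each build takes.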


