[RADIATOR] Apple iOS 9 and OS X El Capitan

Heikki Vatiainen hvn at open.com.au
Fri Jul 31 09:27:07 CDT 2015


On 07/31/2015 05:16 PM, Nick Lowe wrote:
> Isn't $Net::SSLeay::VERSION available, from which you could refuse to
> start Radiator if Net::SSLeay <= 1.46 is detected and you can't disable
> TLS 1.2?

Yes, that's the key for figuring out what should work. The OpenSSL
library version is also available to help with decision making.

What I am also concerned about is making sure that iOS 9 and El Capitan
clients, and apparently the next Android clients too, won't cause
surprising problems. Defaulting to what is known to always work is
safe, but with care it should be possible to make a smarter choice too.

I noticed your other message too, and failing to start might be too
severe an action to take. I'd rather see Radiator defaulting to TLS 1.0 in
this case and logging a message that TLS 1.1 and 1.2 are not available.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

