[RADIATOR] Issue with EAP Authentication

Dubravko Penezic dpenezic at srce.hr
Wed Jul 29 12:27:56 UTC 2020


Hi all,

Level 0 works; unfortunately, we have one server which needs that
"correction". Also, it is a good idea to use that configuration only for
RADIATOR, using the config option of systemd.

However, changing the certificate is the best option.

Regards,
Dubravko

On 7/29/20 2:21 PM, Heikki Vatiainen wrote:
> On 28.7.2020 20.00, Brandon Shiers wrote:
> 
>> Tue Jul 28 10:53:17 2020: ERR: TLS could not use_certificate_file
>> /etc/radiator/cert/certificates/radius.pem, 1:  2956: 1 -
>> error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
>>
>> The key is signed with 2048-bits and RSA encryption, md5.  I’m using
>> the AuthbyFreeRadius handler for this.
>>
>> I sent a message yesterday but I wasn’t getting any replies, so I’m
>> not sure if it was blocked due to spam or not.  I’m not sure where I
>> need to go.  I don’t really want to regenerate new certificates but if
>> that’s my only option I will. I did set EAPTLS_SecurityLevel to 1 and
>> that didn’t help.
> 
> For security levels, see this:
> 
> https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_get_security_level.html
> 
> It appears that even level 1 is too strict for MD5. Level 0 likely
> works, but it might be a better idea to regenerate the certs like Chris
> suggested.
> 
> Thanks,
> Heikki
> 
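
An added example (not from the thread and not Radiator code): a pre-flight check that reads the signature algorithm of every certificate in a PEM file, so an MD5-signed certificate, the cause of the `ca md too weak` error quoted above, can be found before OpenSSL rejects it. The function names and the sample DER skeleton are constructed for illustration.

```python
import base64
import re

# Well-known signature-algorithm OIDs and the digest each one uses.
SIG_DIGEST = {"1.2.840.113549.1.1.4": "md5", "1.2.840.113549.1.1.5": "sha1",
              "1.2.840.113549.1.1.11": "sha256", "1.2.840.10045.4.3.2": "sha256"}
WEAK = {"md5"}  # the digest the thread shows being rejected ("ca md too weak")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def decode_oid(raw):
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:  # base-128 arcs, high bit set means "more bytes follow"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    _, start, _ = read_tlv(der, 0)
    _, _, tbs_end = read_tlv(der, start)        # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)    # enter signatureAlgorithm
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(der[oid_start:oid_end])

def audit_pem(pem_text):
    """Return [(digest, is_weak)] for every certificate in a PEM bundle."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    digests = [SIG_DIGEST.get(signature_oid(base64.b64decode(b)), "unknown") for b in blocks]
    return [(d, d in WEAK) for d in digests]

def sample_pem(oid_tail):
    """Constructed DER skeleton (empty tbsCertificate, dummy signature), not a real certificate."""
    der = bytes.fromhex("30153000300d06092a864886f70d0101" + oid_tail + "050003020000")
    return "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode() + "\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(audit_pem(sample_pem("04") + sample_pem("0b")))
```

To check a real file, pass its contents to `audit_pem`, for example the text of the certificate file named in the error message.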


