<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p>Hi,</p>
<p>This server is a brand new machine with a new CentOS. We are using version 7.6</p>
<p>[root@cv-radius ~]# cat /etc/centos-release<br />CentOS Linux release 7.6.1810 (Core)</p>
<p>Also i have added the lines</p>
<p>[system_default_sect]<br />MinProtocol = TLSv1.0</p>
<p>to the file /etc/pki/tls/openssl.cnf and the problem still remains.</p>
<p>Pedro Simões</p>
<p><br /> -------- Mensagem reencaminhada --------</p>
<table class="moz-email-headers-table" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 15px;">
<th style="height: 15px;" align="RIGHT" valign="BASELINE" nowrap="nowrap">Assunto:</th>
<td style="height: 15px;">Re: [RADIATOR] Fwd: Re: Problem with Radsec connections</td>
</tr>
<tr style="height: 15px;">
<th style="height: 15px;" align="RIGHT" valign="BASELINE" nowrap="nowrap">Data:</th>
<td style="height: 15px;">Thu, 7 Nov 2019 13:05:50 +0200</td>
</tr>
<tr style="height: 15px;">
<th style="height: 15px;" align="RIGHT" valign="BASELINE" nowrap="nowrap">De:</th>
<td style="height: 15px;">Heikki Vatiainen <a class="moz-txt-link-rfc2396E" href="mailto:hvn@open.com.au" rel="noreferrer"><hvn@open.com.au></a></td>
</tr>
<tr style="height: 17.9531px;">
<th style="height: 17.9531px;" align="RIGHT" valign="BASELINE" nowrap="nowrap">Para:</th>
<td style="height: 17.9531px;"><a class="moz-txt-link-abbreviated" href="mailto:radiator@lists.open.com.au" rel="noreferrer">radiator@lists.open.com.au</a></td>
</tr>
</tbody>
</table>
<p><br /> <br /> On 5.11.2019 14.10, Pedro Simões wrote:<br /> </p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">The startup logs points to no errors, as you can see bellow:</blockquote>
<p><br /></p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">Tue Nov 5 03:33:32 2019 390272: DEBUG: Initialised SSL library: Net::SSLeay 1.88, OpenSSL 1.1.1c 28 May 2019</blockquote>
<p><br /> Which operating system are you using? A Debian Buster user let us know that he needed to do this to let PEAP to work:<br /> <br /> Lowering the MinProtocol level down to TLS1.0 in /etc/ssl/openssl.cnf<br /> makes it work<br /> <br /> [system_default_sect]<br /> MinProtocol = TLSv1.0<br /> <br /> In other words, the system wide OpenSSL policy settings were causing problems. In this case the error was more clear, 'unsupported protocol', but this may show up differently with RadSec.<br /> <br /> This can be controlled with OpenSSL API calls, but Radiator currently does not do it. We are looking into doing this, but it's not part of the current release.<br /> </p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">We have this configuration on another machine, but there are some diferences, regarding the software vresions:<br /> <br /> * Tue Nov5 03:35:04 2019: INFO: Using Net::SSLeay 1.66 with SSL/TLS<br /> library version 0x1000105f (OpenSSL 1.0.1e-fips 11 Feb 2013)<br /> * Tue Nov5 03:35:04 2019: NOTICE: Server started: Radiator 4.19 on<br /> cv2-radius.fccn.pt</blockquote>
<p><br /> This looks like an older Linux distribution that has not policy settings like the ones above.<br /> <br /> Please see if the above helps. Also, if you can tell what is the system you are running Radiator on, we can take a look at that also.<br /> <br /> Thanks,<br /> Heikki<br /> </p>
<pre class="moz-signature">--
Heikki Vatiainen <a class="moz-txt-link-rfc2396E" href="mailto:hvn@open.com.au" rel="noreferrer"><hvn@open.com.au></a>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
<a class="moz-txt-link-abbreviated" href="mailto:radiator@lists.open.com.au" rel="noreferrer">radiator@lists.open.com.au</a>
<a class="moz-txt-link-freetext" href="https://lists.open.com.au/mailman/listinfo/radiator" target="_blank" rel="noreferrer">https://lists.open.com.au/mailman/listinfo/radiator</a></pre>
<p><br /></p>
<p><br /></p>
<div>-- <br />
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">_______________________________________________<br /> Pedro Simões - <a href="mailto:psimoes@fccn.pt">psimoes@fccn.pt</a><br /> Área de Serviços de Rede | Network Services Area<br /> Eduroam | TCS | AAI<br /> FCT|FCCN<br /> Av. do Brasil, n.º 101<br /> 1700-066 Lisboa - Portugal<br /> Telefone|Phone +351 218440100; Fax +351 218472167<br /> <a href="http://www.fccn.pt" target="_blank" rel="noreferrer">www.fccn.pt</a> | <a href="http://www.eduroam.pt" target="_blank" rel="noreferrer">www.eduroam.pt</a> || tcs.fccn.pt | rctsaai.fccn.pt</div>
</div>
</body></html>