Walter Goulet wrote:
>
> How does FreeRADIUS's rlm_eap module choose the cipher suite used for
> EAP-TLS/TTLS sessions?

It relies on OpenSSL to do the negotiation.

> RFC 2246 for TLS states that the client presents the list of
> ciphersuites supported to the server and the server picks one that it
> supports.
>
> Is there a way to configure FreeRADIUS to only use a specific set of
> ciphersuites? The goal is that in some cases it may be desirable to
> restrict incoming clients to use a particular suite.

Yes. See "cipher_list" in eap.conf. It's documented.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
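
Before a string goes into "cipher_list", it helps to see which suites it actually selects. The following is an added example, not part of the original thread or of FreeRADIUS: it assumes "cipher_list" takes an OpenSSL cipher string, and uses Python's ssl module (which may link a different OpenSSL build than the RADIUS server) to expand a candidate string. WEAK_MARKERS and the function names are hypothetical.

```python
import ssl

# Substrings marking suites a deployment would normally not want to accept.
# This list is an assumption for the example, not a FreeRADIUS default.
WEAK_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5", "ADH", "AECDH")


def expand_cipher_list(cipher_list):
    """Return the TLS <= 1.2 suite names an OpenSSL cipher string selects.

    TLS 1.3 suites are skipped: OpenSSL configures them separately, so a
    cipher string of this kind does not control them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_list)
    except ssl.SSLError as exc:
        # OpenSSL rejects a string that matches no cipher at all.
        raise ValueError(f"cipher string selects nothing: {cipher_list!r}") from exc
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit_cipher_list(cipher_list):
    """Split the expanded suites into (acceptable, flagged) lists."""
    acceptable, flagged = [], []
    for name in expand_cipher_list(cipher_list):
        weak = any(marker in name for marker in WEAK_MARKERS)
        (flagged if weak else acceptable).append(name)
    return acceptable, flagged


if __name__ == "__main__":
    # Constructed candidate values for cipher_list.
    for candidate in ("DEFAULT", "ECDHE+AESGCM", "NO-SUCH-CIPHER"):
        try:
            ok, bad = audit_cipher_list(candidate)
        except ValueError as err:
            print(f"{candidate}: rejected ({err})")
            continue
        print(f"{candidate}: {len(ok)} acceptable, flagged: {bad or 'none'}")
        for name in ok:
            print(f"    {name}")
```

Running the same string through the OpenSSL build installed on the RADIUS host gives the authoritative list, since the available suites depend on that build.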