On 24/05/13 12:47, Pieter Hulshoff wrote:
> I guess that if we want to use AEAD cyphers we'll need to find another TLS library or adapt/contribute to OpenSSL?
I think they're supported as of OpenSSL 1.0.1, so merely compiling against that should be sufficient, but both ends then need to use TLS v1.2 and, as I say, most do not.
(I'm also not sure if FreeRADIUS explicitly forces a specific TLS version - it might, check the source code)
> The EAP-TLS Finished (type=20) are secured/signed with this negotiated cipher though, correct?
Off the top of my head, everything after the change cipher spec is encrypted with the negotiated symmetric cipher, yes.
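A way to check the TLS-version dependency discussed in this message against a local OpenSSL build, as an added example that is not part of the original post or of FreeRADIUS. It reads the cipher table through Python's `ssl` module; the function names and the `_RANK` ordering are assumptions made for the example.

```python
import ssl

# Ordering of the protocol labels OpenSSL reports for each suite (assumed for this example).
_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def all_suites():
    """Every suite the linked OpenSSL build knows, not just the default set."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # include suites hidden by the security level
    except ssl.SSLError:
        ctx.set_ciphers("ALL")              # older builds without @SECLEVEL
    return ctx.get_ciphers()


def aead_usable_at(negotiated):
    """Names of AEAD suites that can be selected once both peers settle on `negotiated`."""
    usable = []
    for suite in all_suites():
        if not suite.get("aead"):
            continue
        first = suite["protocol"]           # first protocol version defining the suite
        if first not in _RANK:
            continue
        if negotiated == "TLSv1.3" or first == "TLSv1.3":
            ok = first == negotiated        # TLS 1.3 suites are a separate set
        else:
            ok = _RANK[first] <= _RANK[negotiated]
        if ok:
            usable.append(suite["name"])
    return usable


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for version in ("TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"):
        names = aead_usable_at(version)
        print(f"{version}: {len(names)} AEAD suites", names[:3])
```

If one peer caps the handshake below TLS v1.2, the AEAD list is empty, so linking against a newer OpenSSL on one side alone does not make these suites negotiable.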

