On 28.7.2020 20.00, Brandon Shiers wrote:

> Tue Jul 28 10:53:17 2020: ERR: TLS could not use_certificate_file
> /etc/radiator/cert/certificates/radius.pem, 1: 2956: 1 -
> error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
>
> The key is signed with 2048-bits and RSA encryption, md5. I’m using the
> AuthbyFreeRadius handler for this.
>
> I sent a message yesterday but I wasn’t getting any replies, so I’m not
> sure if it was blocked due to spam or not. I’m not sure where I need to
> go. I don’t really want to regenerate new certificates but if that’s my
> only option I will. I did set EAPTLS_SecurityLevel to 1 and that didn’t
> help.

For security levels, see this:
https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_get_security_level.html
It appears that even level 1 is too strict for MD5. Level 0 likely
works, but it might be a better idea to regenerate the certs like Chris
suggested.
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
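
Added example, not part of the messages above and not Radiator's own code: a shell check that reads `openssl x509 -noout -text` output and flags an MD5 signature digest, the condition behind "ca md too weak", before a certificate is handed to the server. The sample dump and its names are constructed, and classing SHA-1 as weak alongside MD5 is this example's assumption.

```shell
#!/bin/sh
# Added example: flag certificates whose signature digest is the kind
# OpenSSL's security levels reject ("ca md too weak").

# Constructed excerpt of `openssl x509 -noout -text` output (MD5-signed cert).
SAMPLE_DUMP='Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN = Example Test CA
        Subject: CN = radius.example.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
    Signature Algorithm: md5WithRSAEncryption'

# Print the first "Signature Algorithm:" value from a text dump on stdin.
sig_alg() {
    sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1
}

# Map an OpenSSL signature algorithm name to weak / ok / unknown.
# Assumption of this example: SHA-1 is treated as weak, like MD5.
digest_verdict() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        md2*|md4*|md5*|sha1*|*-sha1|dsawithsha1) echo weak ;;
        sha224*|sha256*|sha384*|sha512*|*-sha224|*-sha256|*-sha384|*-sha512) echo ok ;;
        *) echo unknown ;;
    esac
}

# Read a dump on stdin, print "<algorithm> <verdict>", return 1 unless "ok".
check_cert_text() {
    alg=$(sig_alg)
    verdict=$(digest_verdict "$alg")
    printf '%s %s\n' "${alg:-none}" "$verdict"
    [ "$verdict" = ok ]
}

if [ "$#" -gt 0 ]; then
    # Real use: pass PEM files, e.g. the server certificate and its CA chain.
    for pem in "$@"; do
        printf '%s: ' "$pem"
        openssl x509 -in "$pem" -noout -text | check_cert_text || true
    done
else
    printf 'sample: '
    printf '%s\n' "$SAMPLE_DUMP" | check_cert_text || true
fi
```

Run it with the PEM paths as arguments to check the real files; a `weak` verdict means the certificate should be reissued with a SHA-2 digest.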