Hello all,

we have now added RSA2048/SHA256 and ECDSA(curve secp256r1)/SHA256 test certificates to Radiator 4.13 patches.

RSA2048/SHA256 certificates require OpenSSL that includes SHA2 in SSL_library_init() or [1]. Please note that certificates are now longer, which means when using them, for example, with PEAP there will be more EAP fragments. Some access points might have problems with them, so if you have not yet adjusted EAPTLS_MaxFragmentSize you may need to do so.

ECDSA(curve secp256r1)/SHA256 certificates require OpenSSL 1.0.0 or newer. For ephemeral EC keying, Radiator patch dated 2014-09-25 and Net-SSLeay 1.58 or newer are required. This may be interesting for long-lived sessions, such as RadSec links.

We have tested that Radiator supports ECDSA certificates in all SSL/TLS related operations including RadSec, Diameter, PEAP, EAP-TTLS, EAP-TLS, etc.

Client support for ECDSA certificates seems to be widely available. Mobile platforms such as Android versions starting from 4.1.2, iOS7/8 and WP8 support ECDSA certificates according to our tests. Windows 7 and modern Linux based distributions seem to be working also.

If you are encountering fragmentation problems with RSA2048/SHA256 certificates, ECDSA certificates might be worth trying as they are significantly shorter.

Configuration examples for EAPs, RadSec, Diameter, etc. will be updated today.

[1] SHA-256 support can be made to work with Net-SSLeay 1.46 which supports OpenSSL_add_all_algorithms() and a one line addition to Radiator to call this function.

Best Regards,
Sami

--
Sami Keski-Kasari <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
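The size difference mentioned in the message can be checked locally with the openssl command line. This is an added example, not part of the original post or of Radiator; the subject name, the 1-day lifetime, the three-certificate chain and the 1000-byte fragment size are constructed assumptions, and the fragment figure ignores all other handshake messages. OpenSSL calls secp256r1 `prime256v1`.

```shell
#!/bin/sh
# Added example: compare throwaway RSA2048/SHA256 and ECDSA P-256/SHA256
# self-signed certificates by DER size. All names and sizes are constructed.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT      # keys and certs are discarded on exit

# make_cert rsa|ec : create key and self-signed SHA-256 cert in $WORK
make_cert() {
    case "$1" in
        rsa) openssl genrsa -out "$WORK/rsa.key" 2048 2>/dev/null ;;
        ec)  openssl ecparam -name prime256v1 -genkey -noout \
                 -out "$WORK/ec.key" 2>/dev/null ;;
        *)   return 1 ;;
    esac
    openssl req -x509 -new -key "$WORK/$1.key" -sha256 -days 1 \
        -subj "/CN=radius.example.test" -out "$WORK/$1.pem" 2>/dev/null
}

# der_size rsa|ec : size in bytes of the certificate as sent on the wire
der_size() {
    openssl x509 -in "$WORK/$1.pem" -outform DER | wc -c | tr -d ' '
}

# sig_alg rsa|ec : signature algorithm as reported by OpenSSL
sig_alg() {
    openssl x509 -in "$WORK/$1.pem" -noout -text |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# fragments BYTES FRAGSIZE : fragments needed, rounded up
fragments() {
    echo $(( ($1 + $2 - 1) / $2 ))
}

CHAIN_DEPTH=3       # assumed: server cert plus two CA certs of similar size
FRAG_SIZE=1000      # assumed fragment size, for illustration only

make_cert rsa && make_cert ec || { echo "openssl failed" >&2; exit 1; }

for t in rsa ec; do
    size=$(der_size "$t")
    chain=$(( size * CHAIN_DEPTH ))
    printf '%-3s %-24s cert=%sB chain~%sB fragments~%s\n' \
        "$t" "$(sig_alg "$t")" "$size" "$chain" \
        "$(fragments "$chain" "$FRAG_SIZE")"
done
```
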
