RC4 is particularly broken now:

https://www.rc4nomore.com
https://www.rc4nomore.com/vanhoef-usenix2015.pdf

In conjunction with https://tools.ietf.org/html/rfc7465, it is
probably time for RADIUS servers to comply with this by default unless
explicitly configured otherwise:

"o  TLS servers MUST NOT select an RC4 cipher suite when a TLS client
    sends such a cipher suite in the ClientHello message.
 o  If the TLS client only offers RC4 cipher suites, the TLS server
    MUST terminate the handshake.  The TLS server MAY send the
    insufficient_security fatal alert in this case."
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
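The two RFC 7465 rules quoted above, written out as a cipher-suite selection routine. This is an added illustration, not code from the post, from Radiator, or from any TLS library; the suite names are IANA TLS cipher-suite names and the client/server lists are constructed for the example. The server preference list deliberately still lists an RC4 suite first, to show that the rule removes RC4 before preference ordering is applied.

```python
"""RFC 7465 cipher-suite selection, added as an illustration.

A TLS server receives the client's offered suites in ClientHello and
matches them against its own preference list.  RFC 7465 adds two rules
on top of that: never select an RC4 suite, and terminate the handshake
(optionally with the fatal insufficient_security alert) when RC4 is all
the client offers.  Suite names below are IANA registry names; the
sample client and server lists are constructed for this example.
"""


class InsufficientSecurity(Exception):
    """Models the fatal insufficient_security alert (RFC 5246 7.2.2)."""


class HandshakeFailure(Exception):
    """Models the fatal handshake_failure alert: no acceptable common suite."""


def is_rc4(suite: str) -> bool:
    """True for any IANA suite that uses the RC4 stream cipher."""
    return "_RC4_" in suite


def rc4_suites(offered):
    """Return the RC4 suites in an offered list (useful for logging
    which clients would still negotiate RC4 if allowed)."""
    return [s for s in offered if is_rc4(s)]


def select_cipher_suite(client_offered, server_preferred):
    """Pick the server's most-preferred suite the client also offers,
    applying RFC 7465 first so RC4 can never win, even if the server's
    own preference list still contains it."""
    # Rule 1: MUST NOT select RC4, regardless of client or server order.
    acceptable = [s for s in client_offered if not is_rc4(s)]
    if not acceptable and client_offered:
        # Rule 2: client offered only RC4 -> terminate the handshake.
        raise InsufficientSecurity(
            "client offered only RC4 suites: " + ", ".join(client_offered)
        )
    for suite in server_preferred:
        if is_rc4(suite):
            continue  # stale server config; skip rather than trust it
        if suite in acceptable:
            return suite
    raise HandshakeFailure("no mutually acceptable non-RC4 cipher suite")


# Constructed sample inputs (IANA names), not captured traffic.
CLIENT_MIXED = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
CLIENT_RC4_ONLY = ["TLS_RSA_WITH_RC4_128_MD5", "TLS_RSA_WITH_RC4_128_SHA"]
CLIENT_NO_OVERLAP = ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA"]
SERVER_PREFERRED = [
    "TLS_RSA_WITH_RC4_128_SHA",  # stale entry: must never be selected
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]


def demo():
    """Run the three cases and return the outcome of each as a string."""
    outcomes = {}
    for name, offered in (
        ("mixed", CLIENT_MIXED),
        ("rc4_only", CLIENT_RC4_ONLY),
        ("no_overlap", CLIENT_NO_OVERLAP),
    ):
        try:
            outcomes[name] = select_cipher_suite(offered, SERVER_PREFERRED)
        except (InsufficientSecurity, HandshakeFailure) as exc:
            outcomes[name] = type(exc).__name__
    return outcomes


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:>10}: {result}")
```

A server that logs `rc4_suites(client_offered)` for a while before flipping the default gives an inventory of the clients that will start failing with insufficient_security once the rule is enforced.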
