On 07/31/2015 05:16 PM, Nick Lowe wrote:
> Isn't $Net::SSLeay::VERSION available, from which you could refuse to
> start Radiator if Net::SSLeay <= 1.46 is detected and you can't disable
> TLS 1.2?

Yes, that's the key for figuring out what should work. The OpenSSL library version is also available to help with decision making.

What I am also concerned about is making sure that iOS9 and El Capitan clients, and apparently the next Android clients too, won't cause surprising problems. Defaulting to what is known to always work is safe, but with care it should be possible to make a smarter choice too.

I noticed your other message too, and failing to start might be too severe an action to take. I'd rather see Radiator defaulting to TLS 1.0 in this case and logging a message that TLS 1.1 and 1.2 are not available.

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
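
The fallback discussed in this message (default to TLS 1.0 and log, rather than refuse to start), as an added example that is not Radiator's code. `choose_tls_versions` is a hypothetical helper, the 1.46 threshold is the one quoted in the thread, and the version inputs are constructed samples.

```perl
use strict;
use warnings;

# From the thread: Net::SSLeay <= 1.46 cannot disable TLS 1.2.
my $LAST_LIMITED_NET_SSLEAY = 1.46;
# OpenSSL 1.0.1 is the first release with TLS 1.1 and 1.2
# (value in OPENSSL_VERSION_NUMBER format).
my $OPENSSL_1_0_1 = 0x10001000;

# Hypothetical helper, not a Radiator function.
# Returns (\@protocols, $log_message); $log_message is undef when nothing is restricted.
sub choose_tls_versions {
    my ($ssleay_version, $openssl_number) = @_;
    $ssleay_version = 'unknown' unless defined $ssleay_version;
    $openssl_number = 0 unless defined $openssl_number;

    # Developer releases look like "1.46_01": drop the underscore, compare numerically.
    (my $v = $ssleay_version) =~ s/_//g;
    $v = 0 unless $v =~ /^\d+(?:\.\d+)?$/;    # unparsable: treat as too old

    my @reasons;
    push @reasons, "Net::SSLeay $ssleay_version is not newer than 1.46"
        if $v <= $LAST_LIMITED_NET_SSLEAY;
    push @reasons, sprintf('OpenSSL 0x%08x is older than 1.0.1', $openssl_number)
        if $openssl_number < $OPENSSL_1_0_1;

    # Assumption: when both libraries are new enough, all three versions are offered.
    return ([qw(TLSv1 TLSv1.1 TLSv1.2)], undef) unless @reasons;
    return (['TLSv1'],
        'TLS 1.1 and 1.2 are not available, defaulting to TLS 1.0: ' . join('; ', @reasons));
}

# Constructed sample inputs: [Net::SSLeay version, OpenSSL version number].
# In a running server these would come from $Net::SSLeay::VERSION and Net::SSLeay::SSLeay().
for my $case (['1.46', 0x1000105f], ['1.70', 0x1000105f],
              ['1.70', 0x0090812f], ['1.46_01', 0x1000105f]) {
    my ($protocols, $log) = choose_tls_versions(@$case);
    printf "Net::SSLeay %-7s OpenSSL 0x%08x -> %s\n", @$case, join(',', @$protocols);
    print "  WARNING: $log\n" if defined $log;
}
```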
