> Sadly, there are RADIUS servers which suffer from TLS version
> intolerance and will refuse authentication when the client offers TLS
> 1.3

This statement is completely missing the point.  There are *no standards
available* for using TLS 1.3 with *any* EAP method.  The IETF is working
on them, but they are in flux, and have not yet been published.

EAP-TLS and TLS 1.3 is being defined here:
https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-05

TLS 1.3 for other EAP methods is being defined here:
https://tools.ietf.org/html/draft-dekok-emu-tls-eap-types-00

> still, this is a bug that should be fixed in Ubuntu, preferably by
> backporting wpasupplicant 2.7.

The bug is that the shipped versions of wpasupplicant and FreeRADIUS allow
negotiation of TLS 1.3, even though the standards defining TLS 1.3 with EAP
didn't exist.  This issue only happens in older versions of the software.
For FreeRADIUS, it's 3.0.15 and before.

i.e. this was fixed two years ago in 3.0.16.

The solution for the distributions is one of two paths:

1. Upgrade to newer versions of the software that disable support for TLS 1.3 
by default
2. Patch the older versions of the software to disable TLS 1.3 by default

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1823053

Title:
  wpasupplicant 2.6 w/ openssl 1.1.1 triggers TLSv1.3 version
  intolerance on WPA2-Enterprise networks on Cosmic and Disco
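
To confirm whether a supplicant actually offers TLS 1.3 during EAP, the ClientHello can be inspected directly. The following is an added example, not part of the original message or of either project's code; it assumes the TLS record has already been reassembled from the EAP fragments, and `offered_versions`, `offers_tls13` and `build_hello` are hypothetical names.

```python
import struct

TLS12, TLS13 = 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 43          # RFC 8446, section 4.2.1

def offered_versions(record):
    """Return the versions a ClientHello offers, in the client's order."""
    ctype, _, rec_len = struct.unpack_from("!BHH", record, 0)
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) < 4 or body[0] != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("ClientHello is fragmented or truncated")
    legacy = struct.unpack_from("!H", hello, 0)[0]
    pos = 2 + 32                                         # legacy_version, random
    pos += 1 + hello[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]   # cipher_suites
    pos += 1 + hello[pos]                                # compression_methods
    if pos >= len(hello):                                # no extensions at all
        return [legacy]
    ext_end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack_from("!HH", hello, pos)
        data = hello[pos + 4:pos + 4 + elen]
        if etype == EXT_SUPPORTED_VERSIONS:
            # One length byte, then a list of 2-byte versions.
            return [struct.unpack_from("!H", data, 1 + i)[0]
                    for i in range(0, data[0], 2)]
        pos += 4 + elen
    return [legacy]              # pre-1.3 client: legacy_version is the offer

def offers_tls13(record):
    return TLS13 in offered_versions(record)

def build_hello(versions):
    """Construct a minimal ClientHello record (sample input, not a capture)."""
    sv = b"".join(struct.pack("!H", v) for v in versions)
    ext = (struct.pack("!HHB", EXT_SUPPORTED_VERSIONS, len(sv) + 1, len(sv))
           + sv) if versions else b""
    hello = (struct.pack("!H", TLS12) + bytes(32) + b"\x00"
             + struct.pack("!HH", 2, 0x1301) + b"\x01\x00")
    if ext:
        hello += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    for offer in ([TLS13, TLS12], [TLS12], []):
        print(offer, "->", offers_tls13(build_hello(offer)))
```

A TLS 1.3-capable client keeps `legacy_version` at 0x0303 and lists 1.3 only in the `supported_versions` extension, so checking the version field alone misses the offer.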
