TLS support

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

TLS support

Turner, Randy
Hi

Just curious if anyone on the list could comment on the possibility of FreeRadius support for TLS 1.3 in the EAP-TLS implementation ?

Thanks,
Randy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|

Re: TLS support

arr2036

> On May 12, 2017, at 11:39 AM, Turner, Randy <[hidden email]> wrote:
>
> Hi
>
> Just curious if anyone on the list could comment on the possibility of FreeRadius support for TLS 1.3 in the EAP-TLS implementation ?

TLS 1.3 hasn't been standardised yet, it's currently on draft 19.  What in particular were you looking for from TLS 1.3?

In any case we use OpenSSL as the crypto library.  Other than occasionally updating the PMK derivation algorithms, there's usually not much FreeRADIUS needs to do to support new TLS versions.

-Arran

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

signature.asc (859 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: TLS support

arr2036

> On May 12, 2017, at 12:57 PM, Arran Cudbard-Bell <[hidden email]> wrote:
>
>
>> On May 12, 2017, at 11:39 AM, Turner, Randy <[hidden email]> wrote:
>>
>> Hi
>>
>> Just curious if anyone on the list could comment on the possibility of FreeRadius support for TLS 1.3 in the EAP-TLS implementation ?
>
> TLS 1.3 hasn't been standardised yet, it's currently on draft 19.  What in particular were you looking for from TLS 1.3?
>
> In any case we use OpenSSL as the crypto library.  Other than occasionally updating the PMK derivation algorithms, there's usually not much FreeRADIUS needs to do to support new TLS versions.
Looks like it's included in OpenSSL 1.1.1.  I believe FreeRADIUS v3.0.x is compatible with 1.1.x, and v4 definitely is.  Try building it and see if it works? :)

-Arran

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

signature.asc (859 bytes) Download Attachment