[Pkg-freeradius-maintainers] Bug#919234: ttls fails with tls 1.3, enabled by default
Sam Hartman
hartmans at debian.org
Sun Jan 13 22:28:52 GMT 2019
package: freeradius
severity: important
version: 3.0.17+dfsg-1
justification: regression that totally breaks connectivity
tags: upstream
I've cc'd Kurt because he requested openssl 1.3 test results a while
back.
While writing automated tests for moonshot-gss-eap, I discovered that
by default freeradius will not constrain the version of TLS in use
(probably good), but that its ttls implementation fails with TLS 1.3.
Things work fine if I explicitly set the max TLS version to 1.2.
Based on the errors, I suspect that the issue has to do with the
handling of the TLS session ticket used by TTLS for fast
reauthentication.
My suspicion (and recollection from the spec) is that ttls knows more
about session internals than it should.
As a quick fix, I think the ttls code should limit the maximum TLS
version to 1.2 until the code can be fixed to work with 1.3.
Please do not limit all freeradius uses of TLS to 1.2: in particular I'd
really like to be able to use tls 1.3 with radsec.
Also, I strongly recommend making this change in code not in config
files. People tend not to update their configs once they get one
working.
To reproduce, grab the moonshot-gss-eap sources.
Comment out the TLS_MAX_VERSION on line 366 of
debian/tests/freeradius/eap and then rerun autopkgtest on the resulting
source package.
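The interim configuration-level workaround the report describes (cap TTLS at TLS 1.2 without capping every other TLS use), written out as an added example that is not part of the original bug report or of the moonshot-gss-eap test suite. It assumes the FreeRADIUS 3.0 eap.conf layout, where several named tls-config blocks may be defined and each EAP method picks one with `tls = <name>`; certificate paths and the inner virtual server name are placeholders.

```conf
# mods-available/eap (FreeRADIUS 3.0 layout, placeholder paths)
eap {
	default_eap_type = ttls

	# Shared TLS settings for methods that are known to work with TLS 1.3
	# (no tls_max_version, so the OpenSSL default ceiling applies).
	tls-config tls-common {
		private_key_file = ${certdir}/server.pem      # placeholder
		certificate_file = ${certdir}/server.pem      # placeholder
		ca_file          = ${cadir}/ca.pem            # placeholder
		tls_min_version  = "1.2"
	}

	# Separate TLS settings for TTLS only: the session-ticket handling in
	# the TTLS code does not cope with TLS 1.3 yet, so cap it at 1.2 here
	# rather than in tls-common, which would also cap EAP-TLS and PEAP.
	tls-config tls-ttls-only {
		private_key_file = ${certdir}/server.pem      # placeholder
		certificate_file = ${certdir}/server.pem      # placeholder
		ca_file          = ${cadir}/ca.pem            # placeholder
		tls_min_version  = "1.2"
		tls_max_version  = "1.2"
	}

	tls {
		tls = tls-common
	}

	peap {
		tls = tls-common
		virtual_server = "inner-tunnel"               # placeholder
	}

	ttls {
		tls = tls-ttls-only
		virtual_server = "inner-tunnel"               # placeholder
	}
}
```

The RadSec listener configures TLS in its own `listen { ... tls { ... } }` block (sites-available/tls), so nothing above touches it and it can keep negotiating TLS 1.3.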