[Pkg-freeradius-maintainers] Bug#1012330: accepted ciphers

Kamil Jońca kjonca at poczta.onet.pl
Sat Jun 4 18:40:54 BST 2022 

based on 

%diff <(openssl ciphers -s -v 'TLSv1 at SECLEVEL=1') <(openssl ciphers -s -v 'TLSv1 at SECLEVEL=0')
5a6
> AECDH-AES256-SHA               TLSv1   Kx=ECDH     Au=None  Enc=AES(256)               Mac=SHA1
7a9,12
> AECDH-AES128-SHA               TLSv1   Kx=ECDH     Au=None  Enc=AES(128)               Mac=SHA1
> ECDHE-ECDSA-NULL-SHA           TLSv1   Kx=ECDH     Au=ECDSA Enc=None                   Mac=SHA1
> ECDHE-RSA-NULL-SHA             TLSv1   Kx=ECDH     Au=RSA   Enc=None                   Mac=SHA1
> AECDH-NULL-SHA                 TLSv1   Kx=ECDH     Au=None  Enc=None                   Mac=SHA1

I configured:

==========
 cipher_list = "AECDH-AES256-SHA:AECDH-AES128-SHA:TLSv1.0:DEFAULT"
 tls_min_version= 1.0
 tls_max_version = 1.3
==========
And this also seems to work.
KJ

-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html

More information about the Pkg-freeradius-maintainers mailing list