[Pkg-freeradius-maintainers] Bug#1012330: accepted ciphers
Kamil Jońca
kjonca at poczta.onet.pl
Sat Jun 4 18:40:54 BST 2022
based on
%diff <(openssl ciphers -s -v 'TLSv1 at SECLEVEL=1') <(openssl ciphers -s -v 'TLSv1 at SECLEVEL=0')
5a6
> AECDH-AES256-SHA TLSv1 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1
7a9,12
> AECDH-AES128-SHA TLSv1 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1
> ECDHE-ECDSA-NULL-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
> ECDHE-RSA-NULL-SHA TLSv1 Kx=ECDH Au=RSA Enc=None Mac=SHA1
> AECDH-NULL-SHA TLSv1 Kx=ECDH Au=None Enc=None Mac=SHA1
I configured:
==========
cipher_list = "AECDH-AES256-SHA:AECDH-AES128-SHA:TLSv1.0:DEFAULT"
tls_min_version= 1.0
tls_max_version = 1.3
==========
And this also seems to work.
KJ
--
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
More information about the Pkg-freeradius-maintainers
mailing list