Doug Wussler
2018-10-19 13:59:52 UTC
Just FYI, I upgraded to 3.0.17 and compiled with OpenSSL 1.1.1. Debug info still reports UNKNOWN TLS VERSION:
FreeRADIUS Version 3.0.17
Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
(1) eap_peap: TLS_accept: before SSL initialization
(1) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 0092]
(1) eap_peap: TLS_accept: SSLv3/TLS read client hello
I should also mention that when using OpenSSL 1.1.1 the executable will not launch without this setting in radiusd.conf:
allow_vulnerable_openssl = CVE-2016-6304
which should not be necessary with 1.1.1.
Also, if interested, when attempting to compile with config setting "--without-dhcp" the compilation fails with:
CC src/main/radattr.c
build/objs/src/main/radattr.o: In function `process_file':
/downloads/freeradius-server-3.0.17/src/main/radattr.c:842: undefined reference to `fr_dhcp_decode_options'
/downloads/freeradius-server-3.0.17/src/main/radattr.c:813: undefined reference to `fr_dhcp_encode_option'
collect2: error: ld returned 1 exit status
make: *** [build/bin/local/radattr] Error 1
This information is not intended as a complaint. I love the freeradius application and am very appreciative of
all the work that goes into it. The efforts and responsiveness of both the development team and the community
are extremely robust and helpful.
Doug
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.ht
FreeRADIUS Version 3.0.17
Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
(1) eap_peap: TLS_accept: before SSL initialization
(1) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 0092]
(1) eap_peap: TLS_accept: SSLv3/TLS read client hello
I should also mention that when using OpenSSL 1.1.1 the executable will not launch without this setting in radiusd.conf:
allow_vulnerable_openssl = CVE-2016-6304
which should not be necessary with 1.1.1.
Also, if interested, when attempting to compile with config setting "--without-dhcp" the compilation fails with:
CC src/main/radattr.c
build/objs/src/main/radattr.o: In function `process_file':
/downloads/freeradius-server-3.0.17/src/main/radattr.c:842: undefined reference to `fr_dhcp_decode_options'
/downloads/freeradius-server-3.0.17/src/main/radattr.c:813: undefined reference to `fr_dhcp_encode_option'
collect2: error: ld returned 1 exit status
make: *** [build/bin/local/radattr] Error 1
This information is not intended as a complaint. I love the freeradius application and am very appreciative of
all the work that goes into it. The efforts and responsiveness of both the development team and the community
are extremely robust and helpful.
Doug
Compiling FreeRADIUS v 3.0.15 with OpenSSL 1.1.1 works just fine.
Upgrade to 3.0.17.Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.ht