Hello,
I'm currently setting up our radsecproxy for the use with Eduroam. The TLS connection seems to be not possible though.
When I try to start the daemon, I get the following error in the log file:
sslreadtimeout: SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
My certificate is definetly valid and I've configured the right certificate chain.
When I try to connect to the federation radius server (by DFN here in Germany) manually with openssl s_client it works, but only using tls 1.0,tls 1.1 and tls 1.2. It does not work with TLS 1.3.
Any idea why this is happening? So the real problem is: It works with all other TLS versions, but not 1.3. Is there a way to force OpenSSL lib to use only 1.2 somehow?
Thank you in advance to you all.
Marc Sauer