I was also . wondering how we tell radsecproxy to only use TLS 1.2
A
On Wed, 27 Nov 2019 at 13:59, Marc Sauer m.sauer@khm.de wrote:
Hello,
I'm currently setting up our radsecproxy for the use with Eduroam. The TLS connection seems to be not possible though.
When I try to start the daemon, I get the following error in the log file:
sslreadtimeout: SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
My certificate is definetly valid and I've configured the right certificate chain.
When I try to connect to the federation radius server (by DFN here in Germany) manually with openssl s_client it works, but only using tls 1.0,tls 1.1 and tls 1.2. It does not work with TLS 1.3.
Any idea why this is happening? So the real problem is: It works with all other TLS versions, but not 1.3. Is there a way to force OpenSSL lib to use only 1.2 somehow?
Thank you in advance to you all.
Marc Sauer
-- Marc Sauer Linux Systems Administrator
Kunsthochschule für Medien Köln/ Academy of Media Arts Cologne Peter-Welter-Platz 2 50676 Köln
https://www.khm.de https://en.khm.de
radsecproxy mailing list radsecproxy@lists.nordu.net https://lists.nordu.net/listinfo/radsecproxy