Univention Bugzilla – Bug 55182
TLS1.3 with freeradius 3.0.17 fails
Last modified: 2023-02-14 17:39:17 CET
Ältere Geräte können sich nicht verbinden. Nach einiger Recherche sieht es so aus, als würde das Problem durch freeradius 3.0.17 verursacht, in der TLS1.3 noch unvollständig implementiert ist. Siehe dazu hier: https://github.com/FreeRADIUS/freeradius-server/issues/2385 Ein Setzen von 'tls_max_version = "1.2"' in der Konfiguration des EAP Moduls behebt das Problem.
freeradius 3.0.18 seems to be fixed. We should update that component.
(In reply to Nico Stöckigt from comment #0) Older devices cannot connect. After some research, it looks like the problem is caused by freeradius 3.0.17, in which TLS1.3 is still incompletely implemented. See here: https://github.com/FreeRADIUS/freeradius-server/issues/2385 Setting 'tls_max_version = "1.2"' in the configuration of the EAP module solves the problem.
Same on 2022111821000661
The customer noted that newer devices can be affected too as long as they do not prioritize a TLS version.
To set the TLS Version via UCRV is maybe the sustainably for our product i guess