Package: freeradius
Severity: important
Version: 3.0.17+dfsg-1
Justification: regression that totally breaks connectivity
Tags: upstream
I've cc'd Kurt because he requested openssl 1.3 test results a while back.

While writing automated tests for moonshot-gss-eap, I discovered that by default freeradius will not constrain the version of TLS in use (probably good), but that its ttls implementation fails with TLS 1.3. Things work fine if I explicitly set the max TLS version to 1.2. Based on the errors I suspect that the issue had to deal with the handling of the ttls TLS session ticket used by TTLS for fast reauthentication. My suspicion (and recollection from the spec) is that ttls knows more about session internals than it should.

As a quick fix, I think the ttls code should limit the maximum TLS version to 1.2 until the code can be fixed to work with 1.3. Please do not limit all freeradius uses of TLS to 1.2: in particular I'd really like to be able to use tls 1.3 with radsec. Also, I strongly recommend making this change in code not in config files. People tend not to update their configs once they get one working.

To reproduce, grab the moonshot-gss-eap sources. Comment out the TLS_MAX_VERSION on line 366 of debian/tests/freeradius/eap and then rerun autopkgtest on the resulting source package.
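For operators who need the reporter's workaround before a code fix lands, here is the setting expressed as a FreeRADIUS 3.0.x `eap` module fragment. This is an added example, not configuration from the bug report or from the moonshot-gss-eap test suite: the `tls_min_version` / `tls_max_version` keys and the `tls = <name>` reference from a method block to a named `tls-config` block are the stock `mods-available/eap` ones; the section name `tls-ttls-only`, the certificate paths and the `default_eap_type` value are placeholders chosen for illustration.

```conf
eap {
    default_eap_type = ttls

    # Default TLS settings, shared by EAP-TLS and PEAP: version range left
    # unconstrained, matching the reporter's "probably good" default.
    tls-config tls-common {
        private_key_file = /etc/freeradius/certs/server.pem   # placeholder path
        certificate_file = /etc/freeradius/certs/server.pem   # placeholder path
        ca_file          = /etc/freeradius/certs/ca.pem       # placeholder path
    }

    # Dedicated TLS settings for TTLS only (hypothetical block name).
    # Pinning the maximum to 1.2 here avoids the TLS 1.3 failure the report
    # describes without capping EAP-TLS, PEAP or anything else on the server.
    tls-config tls-ttls-only {
        private_key_file = /etc/freeradius/certs/server.pem   # placeholder path
        certificate_file = /etc/freeradius/certs/server.pem   # placeholder path
        ca_file          = /etc/freeradius/certs/ca.pem       # placeholder path
        tls_min_version  = "1.2"
        tls_max_version  = "1.2"
    }

    tls {
        tls = tls-common          # EAP-TLS keeps the unconstrained settings
    }

    ttls {
        tls = tls-ttls-only       # only TTLS is held at TLS 1.2
        default_eap_type = md5
        virtual_server = "inner-tunnel"
    }

    peap {
        tls = tls-common          # PEAP keeps the unconstrained settings
        default_eap_type = mschapv2
        virtual_server = "inner-tunnel"
    }
}
```

Using a separate `tls-config` block for `ttls` is what keeps the cap scoped the way the report asks: a single shared `tls-common` block would pin every TLS-based EAP method to 1.2 as well. RadSec listeners are configured in the `listen { tls { ... } }` sections of the site files rather than in the `eap` module, so this fragment does not touch them either way.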