On 2024-04-17, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote: > One idea if you have old devices that cannot upgrade to a newer SSL/TLS > protocol would be to run some kind of proxy between the client and the radius > server (stunnel?) > > Don't know how well this plays with EAP. > Maybe this will only work with EAP-TTLS ?
That isn't going to work. > Another idea, since you run your own custom freeradius, is to recompile it > and link with another openssl library that has old SSL/TLS enabled. That may be an option, if you don't need some other library which pulls in libssl/libcrypto (otherwise there will be a conflict). -- Please keep replies on the mailing list.
