On freeradius does it use the size of the key or do you have to specify somewhere?
When I put in a dh key that is 2048 and run in debug mode I see the following:

Tue Sep 15 09:30:18 2015 : Debug: Module: Instantiating eap-tls
Tue Sep 15 09:30:18 2015 : Debug: tls {
Tue Sep 15 09:30:18 2015 : Debug: rsa_key_exchange = no
Tue Sep 15 09:30:18 2015 : Debug: dh_key_exchange = yes
Tue Sep 15 09:30:18 2015 : Debug: rsa_key_length = 512
Tue Sep 15 09:30:18 2015 : Debug: dh_key_length = 512

But I verified the file itself.

[root@aaa-maccvm-05 certs]# openssl dhparam -in dh -text -noout
PKCS#3 DH Parameters: (2048 bit)

------------------------
Walter Reynolds
Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438

On Mon, Sep 14, 2015 at 8:43 AM, Christopher Michael Allison <chris.m.alli...@siu.edu> wrote:

> Actually, we upgraded to FreeRadius 2.2.8 to solve some issues with iOS9.
> We have been using a 2048 bit Diffie-Hellman. And it is a must do ASAP as
> when it rolls out official you will have issues with clients connecting.
> Also if you aren't on FreeRadius 2.2.7 or higher you will run into the same
> issues that we did. Radius will answer the iOS9 clients TLS v1.2 Hello but
> can't transmit anything back to it so the client will never authenticate.
>
> Thanks,
>
> CHRISTOPHER ALLISON
> Network Engineer I
>
> Information Technology
> Mail Code 4622
> 625 Wham Drive
> Carbondale, Illinois 62901
>
> chris.m.alli...@siu.edu
> P: 618 / 453 - 8415
> F: 618 / 453 - 5261
> INFOTECH.SIU.EDU
>
> "Choose a job you love, and you will never have to work a day in your
> life."
> Confucius
>
> ________________________________________
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Bruce Curtis <bruce.cur...@ndsu.edu>
> Sent: Sunday, September 13, 2015 6:14 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] FreeRADIUS Diffie-Hellman Keys and iOS9
>
> We just upgraded to 2048 bit Diffie-Hellman on September 3. We had a
> person come to the help desk with a Chromebook that stopped connecting to
> the wireless on September 1, after an OS update. We had been using a 512
> bit Diffie-Hellman key.
>
> 2015-09-03T18:01:36.709399+00:00 NOTICE wpa_supplicant[472]: OpenSSL: openssl_handshake - SSL_connect error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
>
> On Sep 11, 2015, at 4:55 PM, Curtis K. Larsen <curtis.k.lar...@utah.edu> wrote:
>
> > Hello,
> >
> > Are any other FreeRADIUS users planning to upgrade to 2048 bit
> > Diffie-Hellman keys before the iOS9 release? Just came across these and
> > thinking it's a must do ASAP:
> >
> > https://support.apple.com/en-us/HT204932
> > https://community.jisc.ac.uk/blogs/8021x-clients-and-radius-server-supporting-bigger-diffie-hellman-dh-keys
> >
> > Thanks,
> >
> > Curtis Larsen
> > University IT/CIS
> > Sr. Network Engineer
> >
> > **********
> > Participation and subscription information for this EDUCAUSE Constituent
> > Group discussion list can be found at http://www.educause.edu/groups/.
>
> ---
> Bruce Curtis bruce.cur...@ndsu.edu
> Certified NetAnalyst II 701-231-8527
> North Dakota State University