plugins icon indicating copy to clipboard operation
plugins copied to clipboard
verified publisher icon opnsense

os-freeradius: EAP max TLS version increase

Open Soswald opened this issue 1 year ago • 0 comments

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

  • [X] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [X] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
  • [X] When the request is meant for an existing plugin, I've added its name to the title.

Describe the solution you'd like Currently the TLS version is hardcoded to a maximum of 1.2 via the entry tls_max_version = "1.2" in the config file /usr/local/etc/raddb/mods-enabled/eap generated by /usr/local/opnsense/service/templates/OPNsense/Freeradius/mods-enabled-eap

Since both OpenSSL (since 1.1.1) and FreeRADIUS (since 3.0.26) support TLS 1.3, the maximum version should probably be increased to this version if nothing else speaks against it.

Describe alternatives you've considered None

Soswald avatar Jun 10 '24 14:06 Soswald