From: Alan T. DeKok <aland@freeradius.org>
Date: Tue, 8 Dec 2015 16:20:04 +0000 (-0500)
Subject: Document disable tls 1.2 because of OpenSSL breakage
X-Git-Tag: release_3_0_11~101
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da63aef4d0fc5685fc7c1b5e56b29ebeb1ccf003;p=thirdparty%2Ffreeradius-server.git

Document disable tls 1.2 because of OpenSSL breakage
---

diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
index ed742852cc6..1b69550d282 100644
--- a/raddb/mods-available/eap
+++ b/raddb/mods-available/eap
@@ -322,6 +322,12 @@ eap {
 		# in "man 1 ciphers".
 		cipher_list = "DEFAULT"
 
+		# Work-arounds for OpenSSL nonsense
+		# OpenSSL 1.0.1f and 1.0.1g do not calculate
+		# the EAP keys correctly.  The fix is to upgrade
+		# OpenSSL, or disable TLS 1.2 here. 
+#		disable_tlsv1_2 = no
+
 		#
 
 		#