TLS question

Juan Daniel Moreno

I'm using FreeRADIUS 1.0.4 with the latest OpenSSL, and I would like to
know something about the TLS config.

When I launch radius in debug mode I get these messages:

 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/raddb/certs/juan/key.key"
 tls: certificate_file = "/etc/raddb/certs/juan/cert.cert"
 tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/etc/raddb/certs/dh"
 tls: random_file = "/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = yes
 tls: check_cert_cn = "%{User-Name}"

But I would like to know how to change some parameters (like
rsa_key_exchange = yes) and, even more important, whether the
rsa_key_length is given in bytes or bits. Does it mean that the
certificate length changes as a function of this rsa_key_length?

Thank you, Juan Daniel MORENO