[openssl-users] no shared cipher issue with freeradius

Amjad Ali amjadmsit at gmail.com
Thu Jul 26 02:06:03 UTC 2018

Hi All,

My client is a windows XP and Freeradius version is 3.0.15 and openssl
version is [OpenSSL 1.0.1t  3 May 2016 (Library: OpenSSL 1.0.2k  26 Jan
The client sends these cipher suites to the server in auth request

Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x0063)

but I get a no shared cipher error and handshake fails.

My understanding is quite limited on this issue but I've tried to set
cipher_list = "DEFAULT" and  "ALL:!EXPORT:!eNULL:!SSLv2" in eap.conf but
nothing seems to work, I get the same no cipher issue.

Assuming FreeRadius gets its ciphers from Openssl, is there a way I can
make openssl to include the above keys in its cipher list?

I tried to update these ciphers on the client but I couldn't find anything
on google.

I would appreciate if anyone can help in this regard.

Many Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180726/50931301/attachment-0001.html>

More information about the openssl-users mailing list