testing: Use TLS 1.2 in RADIUS test cases

This took a while as in the OpenSSL package shipped with Debian and on which our FIPS-enabled package is based, the function SSL_export_keying_material(), which is used by FreeRADIUS to derive the MSK, did not use the correct digest to calculate the result when TLS 1.2 was used. This caused IKE to fail with "verification of AUTH payload with EAP MSK failed". The fix was only backported to jessie recently.
2025-10-06 00:00:47 -04:00 · 2015-11-26 19:06:41 +01:00 · 2015-11-26 19:06:41 +01:00 · 44e83f76f3
commit 44e83f76f3
parent 545e529190
2 changed files with 6 additions and 0 deletions
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
@ -4,3 +4,6 @@ charon {
  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
  multiple_authentication=no
 }
+libtls {
+  suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+}
--- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
@ -32,3 +32,6 @@ libimcv {
    }
  }
 }
+libtls {
+  suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+}