RFC: Including Mozilla recommended cipher suites in mod_ssl conf file
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The default settings for mod_ssl (for use in httpd) is:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
This isn't a great default (for many reasons). I'd like to propose we provide the default ciphers suites as defined by Mozilla[0] in the configuration file with the Intermediate compatibility cipher suite uncommented:
<quote>
#This is the modern cipher suite that provides a higher level of security and is compatible with the latest browsers.
#SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
#This is the intermediate cipher suite that provides good security and compatibility with many browsers.
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
#This is the old, backward compatibility cipher suite that works with clients back to Windows XP/IE6. This should only be used as a last resort.
#SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
</quote>
By providing these recommended ciphers in the config file we provide the admin with a very good starting point with an easy way to move between configurations or change to something completely different.
[0] https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJUgIRDAAoJEB/kgVGp2CYvwGML/12tIYqi1wMK3dmcK2HSenh2
bwsNcIm7jL+jnsg5NLuBZjaJcDduMfFHAn5yh3WdG7lRzozMLy+EGZwDKCvUS2Vk
okfPHRjD+Br37PceYYF1Pn1scHIK05JNw8TvYX52+unQDfdLRWEdaIoGZSP/oZk3
y5DhMBFnwediVBtdLYYbN9r4scaCDQOLBjUt4UmiKTiKbDNbEFRZn/VvGhDIX5RK
niVbUO2g5/V319z3tnPQjd4b1DGRVDtWvpD27pco+ca+6Ywx8hiPD3mr5vr1/P0K
OCn76gPuc4JaMSWeU80payp+YjJjprIt+AsteGroCzNX1pNn3bXPTY9JyGHXS/7S
CNxdN6arqfyDJHai0/dTDy1GKPEiF0g1weFhFoF3SxtN9+duiQYP3z7enSbZyfTD
AkZ0Dk6T0JHHhF2ojQ7Cf2+0ldE2eDu+iGD7xkreGF5nhUExYOgJOcpTnpjceo2w
DsjymoBjAn4KS/vq1PEZauTsnzpLOhcWTZIRPHpnQg==
=Aj6M
-----END PGP SIGNATURE-----
9 years, 4 months
TLS scan results for November 2014
by Hubert Kario
Not many changes since last month's scan results, though there are two
additions: tests for supported curves for ECDHE key exchange and signature
algorithms for DHE and ECDHE key exchange in TLS1.2.
I've also extended the scanner to perform few tests for different
intolerances, unfortunately they were rather inconclusive - the only certain
thing is that about 4.8% of TLS-enabled servers have broken implementations of
TLS.
Full analysis on my blog:
https://securitypitfalls.wordpress.com/2014/12/12/november-2014-results-i...
SSL/TLS survey of 441636 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)
Supported Ciphers Count Percent
-------------------------+---------+-------
3DES 374355 84.7655
3DES Only 402 0.091
AES 413509 93.6312
AES Only 3628 0.8215
AES-CBC Only 2370 0.5366
AES-GCM 226553 51.2986
AES-GCM Only 11 0.0025
CAMELLIA 169951 38.4821
CAMELLIA Only 1 0.0002
CHACHA20 14060 3.1836
Insecure 97652 22.1114
RC4 370269 83.8403
RC4 Only 3694 0.8364
RC4 Preferred 72316 16.3746
RC4 forced in TLS1.1+ 44600 10.0988
x:FF 29 RC4 Only 521 0.118
x:FF 29 RC4 Preferred 77977 17.6564
x:FF 29 incompatible 152 0.0344
y:DHE-RSA-SEED-SHA 81413 18.4344
y:IDEA-CBC-MD5 3271 0.7407
y:IDEA-CBC-SHA 66611 15.0828
y:SEED-SHA 83866 18.9898
z:ADH-AES128-GCM-SHA256 297 0.0672
z:ADH-AES128-SHA 1093 0.2475
z:ADH-AES128-SHA256 258 0.0584
z:ADH-AES256-GCM-SHA384 298 0.0675
z:ADH-AES256-SHA 1105 0.2502
z:ADH-AES256-SHA256 258 0.0584
z:ADH-CAMELLIA128-SHA 461 0.1044
z:ADH-CAMELLIA256-SHA 471 0.1066
z:ADH-DES-CBC-SHA 457 0.1035
z:ADH-DES-CBC3-SHA 1145 0.2593
z:ADH-RC4-MD5 929 0.2104
z:ADH-SEED-SHA 327 0.074
z:AECDH-AES128-SHA 13449 3.0453
z:AECDH-AES256-SHA 13444 3.0441
z:AECDH-DES-CBC3-SHA 13404 3.0351
z:AECDH-NULL-SHA 32 0.0072
z:AECDH-RC4-SHA 12431 2.8148
z:DES-CBC-MD5 21586 4.8877
z:DES-CBC-SHA 57810 13.09
z:DES-CBC3-MD5 38510 8.7199
z:ECDHE-RSA-NULL-SHA 40 0.0091
z:EDH-RSA-DES-CBC-SHA 50046 11.332
z:EXP-ADH-DES-CBC-SHA 370 0.0838
z:EXP-ADH-RC4-MD5 375 0.0849
z:EXP-DES-CBC-SHA 43742 9.9045
z:EXP-EDH-RSA-DES-CBC-SHA 32332 7.321
z:EXP-RC2-CBC-MD5 48992 11.0933
z:EXP-RC4-MD5 51816 11.7327
z:EXP1024-DES-CBC-SHA 10301 2.3325
z:EXP1024-RC4-SHA 10439 2.3637
z:NULL-MD5 308 0.0697
z:NULL-SHA 310 0.0702
z:NULL-SHA256 21 0.0048
z:RC2-CBC-MD5 21992 4.9797
z:RC4-64-MD5 1761 0.3987
Cipher ordering Count Percent
-------------------------+---------+-------
Client side 146876 33.2573
Server side 294760 66.7427
Supported Handshakes Count Percent
-------------------------+---------+-------
ADH 1219 0.276
AECDH 13477 3.0516
DHE 218697 49.5197
ECDHE 250523 56.7261
ECDHE and DHE 107307 24.2976
RSA 416216 94.2441
Supported PFS Count Percent PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits 194241 43.9821 88.8174
DH,1536bits 1 0.0002 0.0005
DH,2047bits 1 0.0002 0.0005
DH,2048bits 22093 5.0025 10.1021
DH,2226bits 1 0.0002 0.0005
DH,2236bits 2 0.0005 0.0009
DH,3072bits 11 0.0025 0.005
DH,3248bits 2 0.0005 0.0009
DH,4096bits 1313 0.2973 0.6004
DH,512bits 32507 7.3606 14.8639
DH,768bits 866 0.1961 0.396
DH,8192bits 1 0.0002 0.0005
ECDH,B-163,163bits 12 0.0027 0.0048
ECDH,B-571,570bits 565 0.1279 0.2255
ECDH,P-224,224bits 15 0.0034 0.006
ECDH,P-256,256bits 244052 55.2609 97.417
ECDH,P-384,384bits 717 0.1624 0.2862
ECDH,P-521,521bits 6141 1.3905 2.4513
Prefer DH,1024bits 102473 23.203 46.8562
Prefer DH,2048bits 2729 0.6179 1.2478
Prefer DH,2236bits 1 0.0002 0.0005
Prefer DH,3072bits 1 0.0002 0.0005
Prefer DH,4096bits 87 0.0197 0.0398
Prefer DH,512bits 23 0.0052 0.0105
Prefer DH,768bits 459 0.1039 0.2099
Prefer ECDH,B-163,163bits 12 0.0027 0.0048
Prefer ECDH,B-571,570bits 394 0.0892 0.1573
Prefer ECDH,P-224,224bits 14 0.0032 0.0056
Prefer ECDH,P-256,256bits 196706 44.5403 78.5181
Prefer ECDH,P-384,384bits 660 0.1494 0.2634
Prefer ECDH,P-521,521bits 5660 1.2816 2.2593
Prefer PFS 309219 70.0167 0
Support PFS 361913 81.9483 0
Supported ECC curves Count Percent
-------------------------+---------+--------
brainpoolP256r1 19 0.0043
brainpoolP384r1 19 0.0043
brainpoolP512r1 19 0.0043
prime192v1 573 0.1297
prime256v1 245656 55.6241
prime256v1 Only 213263 48.2893
secp160k1 554 0.1254
secp160r1 554 0.1254
secp160r2 554 0.1254
secp192k1 565 0.1279
secp224k1 576 0.1304
secp224r1 714 0.1617
secp256k1 579 0.1311
secp384r1 32501 7.3592
secp384r1 Only 109 0.0247
secp521r1 7817 1.77
secp521r1 Only 69 0.0156
sect163k1 559 0.1266
sect163k1 Only 1 0.0002
sect163r1 557 0.1261
sect163r2 570 0.1291
sect163r2 Only 12 0.0027
sect193r1 557 0.1261
sect193r2 557 0.1261
sect233k1 573 0.1297
sect233r1 573 0.1297
sect239k1 572 0.1295
sect283k1 573 0.1297
sect283r1 572 0.1295
sect409k1 570 0.1291
sect409r1 570 0.1291
sect571k1 574 0.13
sect571r1 574 0.13
Unsupported curve fallback Count Percent
------------------------------+---------+--------
False 52248 11.8306
True 161110 36.4803
order-specific 10 0.0023
unknown 228268 51.6869
ECC curve ordering Count Percent
-------------------------+---------+--------
client 577 0.1307
inconclusive-noecc 2 0.0005
server 245280 55.539
unknown 195777 44.3299
TLSv1.2 PFS supported sigalgs Count Percent
------------------------------+---------+--------
ECDSA-SHA1 24443 5.5346
ECDSA-SHA224 24448 5.5358
ECDSA-SHA256 24449 5.536
ECDSA-SHA384 24451 5.5365
ECDSA-SHA512 24454 5.5371
ECDSA-SHA512 Only 3 0.0007
RSA-MD5 106330 24.0764
RSA-MD5 Only 3 0.0007
RSA-SHA1 225736 51.1136
RSA-SHA1 Only 35561 8.0521
RSA-SHA224 186614 42.2552
RSA-SHA256 191459 43.3522
RSA-SHA256 Only 926 0.2097
RSA-SHA384 186997 42.3419
RSA-SHA512 187037 42.3509
RSA-SHA512 Only 37 0.0084
TLSv1.2 PFS ordering Count Percent
------------------------------+---------+--------
client 170553 38.6185
indeterminate 8 0.0018
intolerant 661 0.1497
order-fallback 5 0.0011
server 80372 18.1987
unsupported 40930 9.2678
TLSv1.2 PFS sigalg fallback Count Percent
------------------------------+---------+--------
ECDSA SHA1 24438 5.5335
ECDSA intolerant 20 0.0045
ECDSA pfs-rsa-SHA512 1 0.0002
RSA False 104894 23.7512
RSA SHA1 105580 23.9066
RSA intolerant 15354 3.4766
RSA pfs-ecdsa-SHA512 2 0.0005
RSA soft-nopfs 1464 0.3315
Renegotiation Count Percent
-------------------------+---------+--------
False 11218 2.5401
insecure 28271 6.4014
secure 402147 91.0585
Compression Count Percent
-------------------------+---------+--------
1 (zlib compression) 19036 4.3103
False 11218 2.5401
NONE 411382 93.1496
TLS session ticket hint Count Percent
-------------------------+---------+--------
1 1 0.0002
1 only 1 0.0002
3 2 0.0005
3 only 2 0.0005
5 1 0.0002
5 only 1 0.0002
10 3 0.0007
10 only 3 0.0007
15 7 0.0016
15 only 7 0.0016
30 9 0.002
30 only 9 0.002
45 1 0.0002
45 only 1 0.0002
60 71 0.0161
60 only 67 0.0152
65 1 0.0002
65 only 1 0.0002
70 1 0.0002
75 1 0.0002
75 only 1 0.0002
100 16 0.0036
100 only 16 0.0036
120 15 0.0034
120 only 15 0.0034
128 1 0.0002
128 only 1 0.0002
180 35 0.0079
180 only 35 0.0079
240 2 0.0005
240 only 2 0.0005
300 169526 38.3859
300 only 156066 35.3382
360 1 0.0002
360 only 1 0.0002
400 2 0.0005
400 only 2 0.0005
420 25 0.0057
420 only 17 0.0038
480 11 0.0025
480 only 10 0.0023
600 12859 2.9117
600 only 12605 2.8542
660 1 0.0002
660 only 1 0.0002
900 355 0.0804
900 only 337 0.0763
960 2 0.0005
960 only 2 0.0005
1000 1 0.0002
1000 only 1 0.0002
1200 253 0.0573
1200 only 249 0.0564
1500 11 0.0025
1500 only 10 0.0023
1800 258 0.0584
1800 only 254 0.0575
2100 1 0.0002
2100 only 1 0.0002
2400 1 0.0002
2400 only 1 0.0002
2700 5 0.0011
2700 only 5 0.0011
3000 8 0.0018
3000 only 8 0.0018
3600 336 0.0761
3600 only 309 0.07
5400 2 0.0005
6000 4 0.0009
6000 only 4 0.0009
7200 11602 2.6271
7200 only 8915 2.0186
10800 16 0.0036
10800 only 8 0.0018
14400 1087 0.2461
14400 only 1086 0.2459
18000 1 0.0002
18000 only 1 0.0002
21600 3246 0.735
21600 only 3244 0.7345
28800 13 0.0029
28800 only 12 0.0027
36000 420 0.0951
36000 only 412 0.0933
43200 2089 0.473
43200 only 2089 0.473
64800 40233 9.11
64800 only 40222 9.1075
72000 5 0.0011
72000 only 5 0.0011
86000 37 0.0084
86000 only 37 0.0084
86400 176 0.0399
86400 only 174 0.0394
100800 13809 3.1268
100800 only 13809 3.1268
115200 1 0.0002
115200 only 1 0.0002
129600 13 0.0029
129600 only 13 0.0029
604800 1 0.0002
604800 only 1 0.0002
864000 6 0.0014
864000 only 6 0.0014
None 201554 45.638
None only 185054 41.9019
Certificate sig alg Count Percent
-------------------------+---------+--------
None 14532 3.2905
ecdsa-with-SHA256 24424 5.5303
sha1WithRSAEncryption 300669 68.0807
sha256WithRSAEncryption 116628 26.4082
sha512WithRSAEncryption 1 0.0002
Certificate key size Count Percent
-------------------------+---------+--------
ECDSA 256 24452 5.5367
ECDSA 384 5 0.0011
ECDSA 521 1 0.0002
RSA 1024 1689 0.3824
RSA 2028 1 0.0002
RSA 2047 2 0.0005
RSA 2048 400697 90.7301
RSA 2049 1 0.0002
RSA 2056 6 0.0014
RSA 2058 2 0.0005
RSA 2064 1 0.0002
RSA 2080 2 0.0005
RSA 2084 10 0.0023
RSA 2096 1 0.0002
RSA 2345 1 0.0002
RSA 2408 3 0.0007
RSA 2432 8 0.0018
RSA 2536 1 0.0002
RSA 2612 1 0.0002
RSA 3071 1 0.0002
RSA 3072 54 0.0122
RSA 3248 3 0.0007
RSA 3600 1 0.0002
RSA 4046 1 0.0002
RSA 4048 2 0.0005
RSA 4056 33 0.0075
RSA 4086 3 0.0007
RSA 4092 2 0.0005
RSA 4096 14699 3.3283
RSA 4098 2 0.0005
RSA 8192 4 0.0009
RSA/ECDSA Dual Stack 40 0.0091
OCSP stapling Count Percent
-------------------------+---------+--------
Supported 73634 16.673
Unsupported 368002 83.327
Supported Protocols Count Percent
-------------------------+---------+-------
SSL2 38835 8.7934
SSL2 Only 100 0.0226
SSL3 204062 46.2059
SSL3 Only 2195 0.497
SSL3 or TLS1 Only 108575 24.5847
TLS1 438481 99.2856
TLS1 Only 46428 10.5127
TLS1.1 281522 63.7453
TLS1.1 Only 25 0.0057
TLS1.1 or up Only 443 0.1003
TLS1.2 292517 66.2349
TLS1.2 Only 337 0.0763
TLS1.2, 1.0 but not 1.1 13585 3.0761
Statistics from 477473 chains provided by 632817 hosts
Server provided chains Count Percent
-------------------------+---------+-------
complete 413143 65.2863
incomplete 27529 4.3502
untrusted 192145 30.3634
Trusted chain statistics
========================
Chain length Count Percent
-------------------------+---------+-------
2 2158 0.452
3 444774 93.1517
4 30513 6.3905
5 28 0.0059
CA key size in chains Count
-------------------------+---------
ECDSA 256 24427
ECDSA 384 24427
RSA 1024 1337
RSA 2045 1
RSA 2048 893943
RSA 4096 39222
Chains with CA key Count Percent
-------------------------+---------+-------
ECDSA 256 24427 5.1159
ECDSA 384 24427 5.1159
RSA 1024 1333 0.2792
RSA 2045 1 0.0002
RSA 2048 451667 94.5953
RSA 4096 38725 8.1104
Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384 24427
sha1WithRSAEncryption 336966
sha256WithRSAEncryption 90026
sha384WithRSAEncryption 54445
sha512WithRSAEncryption 20
Eff. host cert chain LoS Count Percent
-------------------------+---------+-------
80 337471 70.6786
112 115573 24.2051
128 24429 5.1163
Most popular root CAs Count Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA 112050 23.4673
(157753a5) AddTrust External CA Root 76553 16.0329
(5ad8a5d6) GlobalSign Root CA 48090 10.0718
(cbf06781) Go Daddy Root Certificate Authorit 37124 7.7751
(b204d74a) VeriSign Class 3 Public Primary Ce 30047 6.2929
(2e4eed3c) thawte Primary Root CA 28036 5.8717
(eed8c118) COMODO ECC Certification Authority 24425 5.1155
(244b5494) DigiCert High Assurance EV Root CA 23682 4.9599
(f081611a) The Go Daddy Group, Inc. 17028 3.5663
(b13cc6df) UTN-USERFirst-Hardware 12816 2.6841
(653b494a) Baltimore CyberTrust Root 11357 2.3786
(40547a79) COMODO Certification Authority 9670 2.0252
(ae8153b9) StartCom Certification Authority 9305 1.9488
(f387163d) Starfield Technologies, Inc. 7652 1.6026
Scan performed between 11th and 19th of November 2014.
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
9 years, 4 months
Re: Ongoing open-firewall discussion
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Tue, Dec 09, 2014 at 03:02:45PM +0100, Jan Rusnacko wrote:
> Hey guys,
>
> given that there is quite heated discussion about open by default firewall, is this something we want to contribute to (as a team) ? Do you think we a) can and b) should come with a statement and join the discussion ?
Moving this to the general security list...
Did FESCo really approve this? I can't imagine someone actually approving such a dumb request.
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJUhxgPAAoJEB/kgVGp2CYvR7EL/R9U/mTaq+/4mGOaopZWiihV
+LusWiw4GguG7x4zGXtHe6FQGsspMbniuj7nmW5n+PxQyn4Du3Zk90jtQ4RwKUU5
53OCxQvKtOBZveWmHATXSEY/JNv8eCyuVkjO3Sc4ZQDewcpMGLAt5D50dU6vcOVo
a74E7t2TwpLUgzm4QwfFWMbVZtI8sdTc+VnBLZL+GF/ZAkHd0eiyQtPcgvebaRY9
68F3MjC3IwyVaQTa7LG1bhmMX/t96TinAVDKG45aS5wfkNnYFFoYVUuvxTtBvWS7
ZT3JZ8BjjkAsCh03p9JangGsWSEeN2AZTZ+qEPt6Z4l4qy88yrbE8ZPXv4KMEqTt
oXFZHOZg0X5/OulPe/Q3rsohe7hpMLdBmhvjfNkEnj7tx8R/VhUBwqt4I/AYhODQ
CX0FgDRf9Qa9AMrmfP+/KUvuTNC0pylVu0IegRmyizlvmqj1ltEuXauxwJsnLFKN
I5v/Ms4m7u2+WJloza2gUfzP+Zcup2JPbH6D7OVWJg==
=w7aN
-----END PGP SIGNATURE-----
9 years, 4 months
freeradius-client
by Nikos Mavrogiannopoulos
Hello,
Anyone have any opinion on the freeradius-client [0]? We currently ship
radiusclient-ng, which has been merged with freeradius-client since 2008
[1]. I'd like to make a package of it in Fedora, even though I'm not
really impressed about the API, and its development the past few years
is only on git repository; on the other hand there doesn't seem to be
much option in free software radius client libraries.
regards,
Nikos
[0]. https://github.com/FreeRADIUS/freeradius-client
[1]. http://wiki.freeradius.org/project/Radiusclient
9 years, 4 months