Hallo Buster,
ich poste einfach mal die Anleitung als Antwort auf deine Frage:
438 # Set min / max TLS version.
439 #
440 # Generally speaking you should NOT use TLS 1.0 or
441 # TLS 1.1. They are old, possibly insecure, and
442 # deprecated. However, it is sometimes necessary to
443 # enable it for compatibility with legact systems.
444 # We recommend replacing those legacy systems, and
445 # using at least TLS 1.2.
446 #
447 # Some Debian versions disable older versions of TLS,
448 # and requires the application to manually enable
449 # them.
450 #
451 # If you are running such a distribution, you should
452 # set these options, otherwise older clients will not
453 # be able to connect.
454 #
455 # Allowed values are „1.0“, „1.1“, „1.2“, and „1.3“.
456 #
457 # As of 2021, it is STRONGLY RECOMMENDED to set
458 #
459 # tls_min_version = „1.2“
460 #
461 # Older TLS versions are insecure and deprecated.
462 #
463 # In order to enable TLS 1.0 and TLS 1.1, you may
464 # also need to update cipher_list below to:
465 #
466 # * OpenSSL >= 3.x
467 #
468 # cipher_list = „DEFAULT@SECLEVEL=0“
469 #
470 # * OpenSSL < 3.x
471 #
472 # cipher_list = „DEFAULT@SECLEVEL=1“
473 #
474 # The values must be in quotes.
475 #
476 # We also STRONGLY RECOMMEND to set
477 #
478 # tls_max_version = „1.2“
479 #
480 # While the server will accept „1.3“ as a value,
481 # most EAP supplicants WILL NOT DO TLS 1.3 PROPERLY.
482 #
483 # i.e. they WILL NOT WORK, SO DO NOT ASK QUESTIONS ON
484 # THE LIST ABOUT WHY IT DOES NOT WORK.
485 #
486 # The TLS 1.3 support is here for future
487 # compatibility, as clients get upgraded, and people
488 # don’t upgrade their copies of FreeRADIUS.
489 #
490 # Also note that we only support TLS 1.3 for EAP-TLS.
491 # Other versions of EAP (PEAP, TTLS, FAST) DO NOT
492 # SUPPORT TLS 1.3.
493 #
494 tls_min_version = „1.2“
495 tls_max_version = „1.2“
https://fossies.org/linux/freeradius-server/raddb/mods-available/eap
Gruß
Thomas