How-To: Use Radius With TLS 1.2

Disclaimer

Radius usually works with the “mschap” protocol in UCS. This authentication method does not support all special characters. Probably the easiest approach would be to configure wireless clients to use WPA with PEAP and MSCHAPv2 for authentication.

If you prefer to switch to TLS, this can be done using UCR variables. However, it is important to note that the currently available Radius version 3.0.17 only reliably supports TLS up to version 1.2. Clients that require TLS >= 1.3, or that only support mschap, will then be excluded from authentication. Note also that as of Windows 11 22H2 only TLS is permitted.

Solution

ucr set freeradius/conf/auth-type/mschap=false
ucr set freeradius/conf/auth-type/ttls=true
ucr set freeradius/conf/tls-max-version='1.2'