07-27-2015 09:15 AM
It seems that the openssl update to version 1.0.1f has denied access to wireless due to ClearPass having a DH key that is below the 768 key length. I have installed several SSL patches but we are still having issues with the key negotiation. Does anyone know which patch will fix this SSL negotiation issue we are seeing? I would assume it would be an openssl update from the current 1.0.1e that we have on our ClearPass boxes to the 1.0.1f that is currently out.
07-28-2015 10:53 AM
Digging into this issue, there is a workaround to solve the connectivity issues. The radiusd.conf file is currently pointed to a dh512.pem file, which is a DH key of 512. If you use openssl and create a new file with a min. key size of 768, you can replace the original file and restart the radius service. Obviously it's better to have Aruba make this change or create a patch for this issue.
Creating a new file
openssl dhparam -check -text -5 -out dh512.pem 768