Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-17 Thread Heikki Vatiainen
On 16.7.2015 17.04, Nick Lowe wrote: > In conjunction with https://tools.ietf.org/html/rfc7465 , it is > probably time for RADIUS servers to comply with this by default unless > explicitly configured otherwise: Thanks for the RC4 reminder Nick. This configuration is now possible with Radiator. I

Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-17 Thread Heikki Vatiainen
On 16.7.2015 18.10, Hartmaier Alexander wrote: > On 2015-07-16 15:07, Heikki Vatiainen wrote: >> There's also an example of how to use a custom module, possibly modified >> from Radius/LogFormat.pm, to change the formatting or add new formats. > I know because I was the one who requested the featu

Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-16 Thread Hartmaier Alexander
On 2015-07-16 15:07, Heikki Vatiainen wrote: > On 16.7.2015 13.42, Hartmaier Alexander wrote: > >> I couldn't find info about CEF and JSON logging in the reference manual, >> should be included at least as keywords with a pointer to the >> 'logformat.cfg' goodies file although I'd prefer having it

Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-16 Thread Nick Lowe
RC4 is particularly broken now: https://www.rc4nomore.com https://www.rc4nomore.com/vanhoef-usenix2015.pdf In conjunction with https://tools.ietf.org/html/rfc7465 , it is probably time for RADIUS servers to comply with this by default unless explicitly configured otherwise: "o TLS servers MUST N

Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-16 Thread Heikki Vatiainen
On 16.7.2015 13.42, Hartmaier Alexander wrote: > I couldn't find info about CEF and JSON logging in the reference manual, > should be included at least as keywords with a pointer to the > 'logformat.cfg' goodies file although I'd prefer having it in the main docs. Good point. I'll see that CEF an

Re: [RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-16 Thread Hartmaier Alexander
Hi Heikki, that's a great release! I couldn't find info about CEF and JSON logging in the reference manual, should be included at least as keywords with a pointer to the 'logformat.cfg' goodies file although I'd prefer having it in the main docs. Is there a way to log the used TLS version and cip

[RADIATOR] Radiator Version 4.15 released - security fixes and enhancements

2015-07-15 Thread Heikki Vatiainen
We are pleased to announce the release of Radiator version 4.15 This version contains fixes for an EAP-MSCHAP-V2 and EAP-pwd vulnerability. Upgrade is recommended. Please review OSC security advisory OSC-SEC-2015-01 for more information: https://www.open.com.au/OSC-SEC-2015-01.html As usual, the