The main new feature in the release is support for EAP-TLS v. 1.3 – as specified in the RFC 9190. TLS v. 1.3 is available also for RadSec and for all TLS-based EAP methods. TLSv1.3 is disabled by default, but can be turned on by the customer when needed. TLSv1.3 will be enabled by default in future Radiator releases.
At the same time, we continue to monitor TLSv1.3 interoperability with EAP-TTLS and PEAP. At the moment TLSv1.3 session resumption is disabled because of interoperability problems. To help with this, we are participating in IETF work that aims to solve the pending issues.
In addition, significant update work for LDAP connection and TLS debugging has been made – as well as support for different Linux distributions.
For other new features, enhancements, interoperability, and bug fixes, please see below.
Selected compatibility notes, enhancements and fixes
- Significant LDAP updates to connection and TLS handling.
- Red Hat Enterprise Linux 9 and its derivatives are now supported.
- Ubuntu 22.04 is now supported.
- Session resumption is enabled for EAP-TLS with TLSv1.3 but remains disabled for the other TLS based EAP methods.
- TLSv1.3 is supported by EAP-TLS, EAP-TTLS and PEAP but remains disabled by default.
- TLSv1.3 is tested with RadSec and other Stream modules but remains disabled by default.
- Radiator can log TLS key material to a file to allow fully decrypting EAP and Stream SSL/TLS sessions.
- TLS handshake and state trace logging is now enabled for EAP and Stream modules, such as PEAP and RadSec, when Trace 4 (debugging) or PacketTrace is configured.
- Radiator SIM Pack 2.7 and Carrier Pack 1.7, or later, are strongly recommended.
Known caveats and other notes
- TLSv1.3 remains disabled by default for TLS based EAP methods and Stream based classes, such as RadSec. TLSv1.3 testing reports are welcome.
- Fix and enhance EAP-FAST. Requires Net::SSLeay 1.94 or later with OpenSSL 1.1.1 and later.
More detailed changes can be found in the revision history.
Radiator packages are available to download for current licensees from the downloads page and the Radiator repository.