From a19a174f191ba1269edbc6922cabe57c9ae3a44f Mon Sep 17 00:00:00 2001
From: chapeau <corentin@canebier.fr>
Date: Sun, 30 Jan 2022 09:50:11 +0000
Subject: [PATCH] Ajout de la conf pour l'utilisation de certificat Let's
 Encrypt

---
 freeradius3/mods-enabled/eap | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/freeradius3/mods-enabled/eap b/freeradius3/mods-enabled/eap
index 8213bda..e6c5ca3 100644
--- a/freeradius3/mods-enabled/eap
+++ b/freeradius3/mods-enabled/eap
@@ -580,6 +580,33 @@ eap {
 		}
 	}
 
+	tls-config tls-LEcert {
+        private_key_file = ${certdir}/server.key
+        certificate_file = ${certdir}/cert.pem
+        ca_file = ${certdir}/fullchain.pem
+        dh_file = ${certdir}/dh
+        ca_path = ${cadir}
+        cipher_list = "DEFAULT"
+        cipher_server_preference = no
+        tls_min_version = "1.0"
+        tls_max_version = "1.2"
+        ecdh_curve = "prime256v1"
+
+        cache {
+            enable = yes
+            lifetime = 1 # hours
+        }
+
+        verify {
+        }
+
+        ocsp {
+            enable = no
+                override_cert_url = yes
+                url = "http://127.0.0.1/ocsp/"
+            }
+    }
+
 	## EAP-TLS
 	#
 	#  As of Version 3.0, the TLS configuration for TLS-based