Package: libssl1.0.0 Version: 1.0.1e-2+deb7u18 When calling tls1_PRF() tls1_export_keying_material() directly passes the value of algorithm2 instead of using ssl_get_algorithm2(), which overrides the default PRF algorithm when TLS 1.2 is used. Therefore, the keying material is actually derived using the old PRF (combination of MD5/SHA1), which breaks e.g. EAP-TLS with newer versions of FreeRADIUS.
The problem is corrected in later versions of OpenSSL. The fix can be found at [1]. Regards, Tobias [1] https://github.com/openssl/openssl/commit/4fdf91742e3b7eb73e41b38d8d5b2f17d4d5b544
