diff --git a/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/eap.xml b/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/eap.xml
index 1f9cc42dc..dea314515 100644
--- a/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/eap.xml
+++ b/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/eap.xml
@@ -58,4 +58,10 @@
dropdown
Set minimum TLS version. Please be aware that every version below 1.2 is considered as insecure.
+
+ eap.tls_max_version
+
+ dropdown
+ Set maximum TLS version. Use 1.2 to avoid TLS 1.3 for legacy clients.
+
diff --git a/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/Eap.xml b/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/Eap.xml
index fba239000..7cda2110c 100644
--- a/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/Eap.xml
+++ b/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/Eap.xml
@@ -1,7 +1,7 @@
//OPNsense/freeradius/eap
EAP configuration
- 1.9.17
+ 1.9.18
md5
@@ -65,5 +65,16 @@
1.3
+
+ 1.3
+ Y
+ N
+
+ 1.0
+ 1.1
+ 1.2
+ 1.3
+
+
diff --git a/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/mods-enabled-eap b/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/mods-enabled-eap
index 652bebc8e..e43e15708 100644
--- a/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/mods-enabled-eap
+++ b/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/mods-enabled-eap
@@ -456,7 +456,7 @@ eap {
# The values must be in quotes.
#
tls_min_version = "{{ OPNsense.freeradius.eap.tls_min_version }}"
- tls_max_version = "1.3"
+ tls_max_version = "{{ OPNsense.freeradius.eap.tls_max_version }}"
# Elliptical cryptography configuration
#