• Issue #1: Built-in Omada Radius server uses EAP-MD5-Challenge by default. This method is compromised and deprecated, and declined by the client machine for that reason.
• Issue #2: Built-in Omada Radius server then switches to EAP-PEAP but resorts to the weakest cipher supported by the client for the outer tunnel (TLS_RSA_WITH_AES_128_CBC_SHA, which is consered weak: https://ciphersuite.info/cs/TLS_RSA_WITH_AES_128_CBC_SHA/).
• Issue #3: Built-in Omada Radius server still "secures" the inner tunnel with MD5, which again is a compromised method that leaves users vulnerable.
• Issue #4: TLS 1.3 doesn't seem to work to secure the outer tunnel.

Expected behaviours:

• Compromised ciphers should be disabled in the built-in Omada Radius server.
• The built-in Omada Radius server should pick the strongest common cipher.
• The built-in Omada Radius server should implement TLS 1.3 to secure the outer tunnel