(4) eap_tls: ERROR: TLS Alert write:fatal:unexpected_message

Alan DeKok aland at deployingradius.com
Mon Jun 21 14:03:38 CEST 2021


On Jun 17, 2021, at 10:07 PM, Michel Verhagen <mike at guruce.com> wrote:
> With whatever I have tried, Wireshark always complains about the .pem files, passwords, etc.

  I ran into the same thing. No matter what I do, Wireshark is unable to open the PEM files.  This is disappointing.  IIRC it used to work.

> I have tried this:
> 
> Wireshark -> Edit -> Preferences -> Protocols -> TLS -> RSA keys list [Edit...] -> ip any, port 0, protocol data, key file ca.pem, password <nothing>, but Wireshark pops up an error dialog stating "Can't load private key from ca.pem: can't import pem data: The requested data were not available". I don't think I can use the (Pre)-Master-Secret log filename (setting the "SSLKEYLOGFILE" environment variable) because that requires a web browser like Chrome. Anyway, any pointers on how to capture the right stuff and decode using the certs from FreeRADIUS would be appreciated.

  I pushed some changes which add some more information to debug 4 (radiusd -Xxx):

* print out a hex dump of the TLS messages, this gives more information on what's going on

* print out TLS information needed by Wireshark to decode the packets, as per: https://wiki.wireshark.org/TLS

...
Sun Jun 20 09:24:42 2021 : Debug: (20) eap_ttls: (TLS) KEYLOG: CLIENT_RANDOM B3C3EF6D1A8D9C0C0AB670824767991DC3E309AD47D317942C1A5CAF670A8E07 2C6B1E41C4FEEDABCF58568539E9B48DA2C79A2C1CBAE402FED4428BD59442A8DBE50553EDC5B927BEE5A0DA8AC90120
...

  In *theory* you should be able to grab the text after "KEYLOG:", place it into a file, and then have Wireshark load it.  However, that also doesn't work for me.  i.e., it never complains about the file, but also never decrypts any of the TLS data.

  :(

  Alan DeKok.
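As an added example (not from the post or from the FreeRADIUS project), here is a small Python helper that does the "grab the text after KEYLOG: and place it into a file" step from above: it pulls the CLIENT_RANDOM entries out of radiusd -Xxx output, drops malformed and duplicate entries, and writes the result as a file suitable for Wireshark's (Pre)-Master-Secret log filename preference. The sample input is the debug line quoted above plus two constructed lines (one malformed, one duplicate); the hex-length checks assume TLS 1.2-style entries (32-byte client random, 48-byte master secret).

```python
import re

# FreeRADIUS at debug level 4 (radiusd -Xxx) logs one line per TLS session of the form
#   ... eap_ttls: (TLS) KEYLOG: CLIENT_RANDOM <client random hex> <master secret hex>
# The text after "KEYLOG: " is already in the NSS key-log format Wireshark reads.
KEYLOG_RE = re.compile(r"\(TLS\) KEYLOG:\s+(?P<entry>\S.*?)\s*$")
# Assumed sizes for a TLS 1.2-style entry: 32-byte client random, 48-byte master secret.
CLIENT_RANDOM_HEX_LEN, MASTER_SECRET_HEX_LEN = 64, 96
HEX_DIGITS = set("0123456789abcdefABCDEF")


def valid_client_random_entry(entry: str) -> bool:
    """True only for a well-formed 'CLIENT_RANDOM <random> <secret>' entry."""
    parts = entry.split()
    if len(parts) != 3 or parts[0] != "CLIENT_RANDOM":
        return False
    rnd, secret = parts[1], parts[2]
    return (len(rnd) == CLIENT_RANDOM_HEX_LEN and set(rnd) <= HEX_DIGITS
            and len(secret) == MASTER_SECRET_HEX_LEN and set(secret) <= HEX_DIGITS)


def extract_keylog(debug_lines) -> list:
    """Return the unique, well-formed key-log entries found in radiusd -Xxx output."""
    seen, entries = set(), []
    for line in debug_lines:
        m = KEYLOG_RE.search(line)
        if not m:
            continue
        entry = m.group("entry")
        if valid_client_random_entry(entry) and entry not in seen:
            seen.add(entry)
            entries.append(entry)
    return entries


def write_keylog(debug_lines, path: str) -> int:
    """Write the entries as a Wireshark (Pre)-Master-Secret log file; return how many."""
    entries = extract_keylog(debug_lines)
    with open(path, "w", encoding="ascii") as fh:
        fh.write("".join(e + "\n" for e in entries))
    return len(entries)


# Sample input: the line quoted in the post, a constructed malformed line, and a duplicate.
SAMPLE_DEBUG = [
    "Sun Jun 20 09:24:42 2021 : Debug: (20) eap_ttls: (TLS) KEYLOG: CLIENT_RANDOM B3C3EF6D1A8D9C0C0AB670824767991DC3E309AD47D317942C1A5CAF670A8E07 "
    "2C6B1E41C4FEEDABCF58568539E9B48DA2C79A2C1CBAE402FED4428BD59442A8DBE50553EDC5B927BEE5A0DA8AC90120",
    "Sun Jun 20 09:24:42 2021 : Debug: (20) eap_ttls: (TLS) KEYLOG: CLIENT_RANDOM DEADBEEF 1234",
]
SAMPLE_DEBUG.append(SAMPLE_DEBUG[0])  # the same session logged twice

if __name__ == "__main__":
    print(write_keylog(SAMPLE_DEBUG, "freeradius.keylog"), "entries written to freeradius.keylog")
```

Point Wireshark's TLS preference "(Pre)-Master-Secret log filename" at the written file; whether the EAP-TLS payload then decrypts depends on Wireshark reassembling the TLS records from the RADIUS capture, which is the part that did not work in the post.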



