Server stopped responding, throwing multiple SSL-related errors

Ben Beuchler insyte at gmail.com
Mon Oct 23 20:05:56 CEST 2006


I'm running FreeRADIUS 1.1.2 on Ubuntu.  This morning one of the two
servers stopped answering requests.  The radius log contained
thousands of lines like these:

Mon Oct 23 12:32:56 2006 : Error: TLS Alert write:fatal:illegal parameter
Mon Oct 23 12:32:56 2006 : Error:     TLS_accept:error in SSLv3 read
certificate verify A
Mon Oct 23 12:32:56 2006 : Error: rlm_eap: SSL error
error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size
Mon Oct 23 12:32:56 2006 : Error: rlm_eap_tls: SSL_read failed in a
system call (-1), TLS session fails.
Mon Oct 23 12:33:02 2006 : Error:     TLS_accept:error in SSLv3 read
client certificate A
Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)
Mon Oct 23 12:33:02 2006 : Error: TLS Alert write:fatal:bad record mac
Mon Oct 23 12:33:02 2006 : Error:     TLS_accept:error in SSLv3 read
certificate verify A
Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error
error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad
record mac
Mon Oct 23 12:33:02 2006 : Error: rlm_eap_tls: SSL_read failed in a
system call (-1), TLS session fails.
Mon Oct 23 12:33:02 2006 : Error: TLS Alert write:fatal:illegal parameter
Mon Oct 23 12:33:02 2006 : Error:     TLS_accept:error in SSLv3 read
certificate verify A
Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error
error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size
Mon Oct 23 12:33:02 2006 : Error: rlm_eap_tls: SSL_read failed in a
system call (-1), TLS session fails.
Mon Oct 23 12:33:16 2006 : Error:     TLS_accept:error in SSLv3 read
client certificate A

Restarting radiusd fixed it.

My build of FreeRADIUS was built from source, the SSL library is the
Ubuntu system openssl (v. 0.9.7).

Any idea what might have gone wrong?

-Ben



More information about the Freeradius-Users mailing list