ppp and eap-tls

Alan DeKok aland at deployingradius.com
Wed Dec 28 15:24:08 CET 2011

Frank wrote:
> I now get the following error in my radius log on an auth attempt:
> Error: TLS Alert write:fatal:decrypt error
> Error:     TLS_accept: failed in SSLv3 read certificate verify B
> Error: rlm_eap: SSL error error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.

  The client is broken.

> Now there's several issues:
> - I don't know what I changed which caused this behaviour (maybe an openssl update in Squeeze? Something changes in Windows Vista?)


> - the client certificates are valid (tested with openssl cli), and work fine when using for WPA auth
> - I don't really know what this error means
> - I can't find a solution for it. I've tried: 2048 bit (vs. 4096 bit) RSA certs and the extensions for XP for both the server and client certs
> Again, the same certificates work fine for WPA auth

  Which doesn't use certificates.

> I hope someone can shed some light onto this issue, or how to pin down the exact cause of the 'rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01' error.

  Find out which client it is.  Mac?  Windows?

  Alan DeKok.

More information about the Freeradius-Users mailing list