EAP - TLS 1.2 Support

Cholleti, Hanumantha Hanumantha.Cholleti at viasat.com
Sun Jan 19 05:26:47 CET 2014


Hi 

Wondering if FreeRADIUS supports EAP-TLS 1.2 authentication; our understanding is that if we have an OpenSSL version that supports the TLS 1.2 ciphers and the FreeRADIUS EAP module is configured with a TLS 1.2 cipher, it should be supported.

ISSUE:
=====
The modem fails to do EAP-TLS 1.2 authentication. The same modem authenticates successfully if it sends the SSL protocol as TLS 1.0.
We want to make sure our FreeRADIUS configuration for EAP-TLS 1.2 is correct.

FreeRADIUS Version Details:
===========================
Sat Jan 18 20:02:05 2014 : Info: radiusd: FreeRADIUS Version 3.0.0, for host x86_64-redhat-linux-gnu, built on Nov 19 2013 at 13:23:31
Sat Jan 18 20:02:05 2014 : Debug: Server was built with:
Sat Jan 18 20:02:05 2014 : Debug:   accounting
Sat Jan 18 20:02:05 2014 : Debug:   authentication
Sat Jan 18 20:02:05 2014 : Debug:   ascend binary attributes
Sat Jan 18 20:02:05 2014 : Debug:   coa
Sat Jan 18 20:02:05 2014 : Debug:   control-socket
Sat Jan 18 20:02:05 2014 : Debug:   detail
Sat Jan 18 20:02:05 2014 : Debug:   dhcp
Sat Jan 18 20:02:05 2014 : Debug:   dynamic clients
Sat Jan 18 20:02:05 2014 : Debug:   proxy
Sat Jan 18 20:02:05 2014 : Debug:   regex-pcre
Sat Jan 18 20:02:05 2014 : Debug:   session-management
Sat Jan 18 20:02:05 2014 : Debug:   stats
Sat Jan 18 20:02:05 2014 : Debug:   tcp
Sat Jan 18 20:02:05 2014 : Debug:   threads
Sat Jan 18 20:02:05 2014 : Debug:   tls
Sat Jan 18 20:02:05 2014 : Debug:   unlang
Sat Jan 18 20:02:05 2014 : Debug:   vmps
Sat Jan 18 20:02:05 2014 : Debug: Server core libs:
Sat Jan 18 20:02:05 2014 : Debug:   talloc : 2.0.*
Sat Jan 18 20:02:05 2014 : Debug:   ssl    : OpenSSL 1.0.0-fips 29 Mar 2010

SSL Version Details
===================
OpenSSL 1.0.1e-fips 11 Feb 2013

OpenSSL ciphers:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-IDEA-CBC-MD5:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:KRB5-DES-CBC-SHA:KRB5-DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5

CONFIGURATION:
==============
Sorry if we missed any additional documentation. For EAP-TLS 1.2 authentication, we updated the cipher in our eap configuration:
cipher_list = "AES256-SHA256"

When the modem sends the protocol as TLS 1.0, it authenticates successfully with cipher_list "AES256-SHA256:AES128-SHA" or with cipher_list set to "DEFAULT";
but when the modem sends the protocol as TLS 1.2, the authentication fails in the EAP module with the following error:

ERROR from radius log
=====================
With the cipher set to AES256-SHA256, we see the following error in the log:

(3) eap : EAP TLS (13)
(3) eap : Calling eap_tls to process EAP data
(3) eap_tls : Authenticate
(3) eap_tls : processing EAP-TLS
  TLS Length 50
(3) eap_tls : Length Included
(3) eap_tls : eaptls_verify returned 11 
(3) eap_tls :     (other): before/accept initialization
(3) eap_tls :     TLS_accept: before/accept initialization
(3) eap_tls : <<< TLS 1.0 Handshake [length 002d], ClientHello  
(3) eap_tls : >>> TLS 1.0 Alert [length 0002], fatal handshake_failure  
(3) ERROR: eap_tls : SSL says: TLS Alert write:fatal:handshake failure
(3) ERROR: eap_tls : SSL says:     TLS_accept: error in SSLv3 read client hello C
(3) ERROR: eap_tls : SSL says: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
(3) eap_tls : eaptls_process returned 4 
(3) ERROR: eap : Failed continuing EAP TLS (13) session. EAP sub-module failed
(3) eap : Failed in EAP select
(3)   [eap] = invalid
(3)  } # Auth-Type eap = invalid
(3) Failed to authenticate the user.

Attached is the complete log with -X option.

Access-Request - Packet Capture Detail - EAP Message:
=====================================================
Here is the Access-Request packet capture from the modem, showing the SSL protocol as TLS 1.2 along with the cipher suites being sent (0x003d - AES256-SHA256 and 0x002f - AES128-SHA):

        AVP: l=64  t=EAP-Message(79) Last Segment[1]
            EAP fragment
            Extensible Authentication Protocol
                Code: Response (2)
                Id: 1
                Length: 62
                Type: TLS EAP (EAP-TLS) (13)
                EAP-TLS Flags: 0x80
                    1... .... = Length Included: True
                    .0.. .... = More Fragments: False
                    ..0. .... = Start: False
                EAP-TLS Length: 52
                Secure Sockets Layer
                    SSL Record Layer: Handshake Protocol: Client Hello
                        Content Type: Handshake (22)
                        Version: TLS 1.2 (0x0303)
                        Length: 47
                        Handshake Protocol: Client Hello
                            Handshake Type: Client Hello (1)
                            Length: 43
                            Version: TLS 1.2 (0x0303)
                            Random
                                gmt_unix_time: Jan 17, 2014 10:28:34.000000000 Pacific Standard Time
                                random_bytes: 5aece723603b9f8864bfd0c80e592377f01f0b4cc787511d...
                            Session ID Length: 0
                            Cipher Suites Length: 4
                            Cipher Suites (2 suites)
                                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                            Compression Methods Length: 1
                            Compression Methods (1 method)
                                Compression Method: null (0)

Please let us know if you need any additional information.

Thanks
-Hanu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aaa-tls12.log
Type: application/octet-stream
Size: 50763 bytes
Desc: aaa-tls12.log
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140119/c176b729/attachment-0001.obj>
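The handshake above, worked through as an added example that is not part of the original post or of FreeRADIUS: the script rebuilds the captured ClientHello byte for byte (the only constructed parts are the 4-byte gmt_unix_time and the last four random bytes, which the capture does not show and which play no part in negotiation), parses it back, and then replays the server-side cipher selection that ends in OpenSSL's "no shared cipher" handshake_failure alert. The server-side protocol ceiling (server_max_version) is a parameter introduced here to model how far the server's OpenSSL build can negotiate. SHA256-HMAC suites such as AES256-SHA256 (0x003d) are defined only from TLS 1.2 (RFC 5246), so a server that can only complete a TLS 1.0 handshake shares nothing with a cipher_list that contains only that suite, while the same list plus AES128-SHA (0x002f) succeeds at TLS 1.0. That is worth checking against the radiusd banner above, which reports the server core linked against OpenSSL 1.0.0 while the system library is 1.0.1e: TLS 1.2 support arrived in OpenSSL 1.0.1.

```python
"""Added example (not from the original post or FreeRADIUS): rebuild the captured
EAP-TLS ClientHello, parse it, and replay the server-side cipher-suite selection
that ends in OpenSSL's "no shared cipher" handshake_failure alert."""
import struct

TLS10, TLS11, TLS12 = 0x0301, 0x0302, 0x0303
VERSION_NAME = {TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2"}

# OpenSSL cipher_list name -> (IANA code, lowest protocol version able to carry it).
# Only the suites the post mentions; SHA256-MAC suites are defined from TLS 1.2.
SUITES = {
    "AES256-SHA256": (0x003D, TLS12),  # TLS_RSA_WITH_AES_256_CBC_SHA256
    "AES128-SHA256": (0x003C, TLS12),  # TLS_RSA_WITH_AES_128_CBC_SHA256
    "AES256-SHA":    (0x0035, TLS10),  # TLS_RSA_WITH_AES_256_CBC_SHA
    "AES128-SHA":    (0x002F, TLS10),  # TLS_RSA_WITH_AES_128_CBC_SHA
}

# Random field from the capture: the 24 random bytes shown there, with the 4-byte
# gmt_unix_time and the last 4 random bytes zero-filled (constructed; the capture
# does not show them and they play no part in cipher negotiation).
CAPTURED_RANDOM = (b"\x00" * 4
                   + bytes.fromhex("5aece723603b9f8864bfd0c80e592377f01f0b4cc787511d")
                   + b"\x00" * 4)


def build_client_hello(version, cipher_codes, random32):
    """Serialize one TLS record carrying a minimal ClientHello (no extensions)."""
    assert len(random32) == 32
    body = struct.pack(">H", version) + random32
    body += b"\x00"                                    # session id length 0
    body += struct.pack(">H", 2 * len(cipher_codes))   # cipher suites length
    body += b"".join(struct.pack(">H", c) for c in cipher_codes)
    body += b"\x01\x00"                                # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return struct.pack(">BHH", 22, version, len(handshake)) + handshake  # type 22 = Handshake


def parse_client_hello(record):
    """Return (record_version, hello_version, [cipher codes]) from a TLS record."""
    ctype, rec_ver, rec_len = struct.unpack(">BHH", record[:5])
    if ctype != 22 or rec_len != len(record) - 5:
        raise ValueError("not a single handshake record")
    hs = record[5:]
    if hs[0] != 1:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated handshake")
    hello_ver = struct.unpack(">H", body[:2])[0]
    pos = 2 + 32                                  # skip the 32-byte random
    sid_len = body[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    codes = [struct.unpack(">H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return rec_ver, hello_ver, codes


def negotiate(client_hello, server_max_version, cipher_list):
    """Model the server: clamp the version to what it can speak, then walk the
    client's suites in its order (OpenSSL's default unless server preference is
    set) and take the first one that is in cipher_list and usable at that version."""
    _, hello_ver, client_codes = parse_client_hello(client_hello)
    version = min(hello_ver, server_max_version)
    offered = {SUITES[n][0]: n for n in cipher_list.split(":") if n in SUITES}
    for code in client_codes:
        name = offered.get(code)
        if name and SUITES[name][1] <= version:
            return version, name
    raise ValueError("no shared cipher")


def negotiation_result(client_hello, server_max_version, cipher_list):
    """Outcome as one string, so the scenarios below can be compared directly."""
    try:
        version, name = negotiate(client_hello, server_max_version, cipher_list)
    except ValueError as exc:
        return str(exc)
    return f"{VERSION_NAME[version]} {name}"


if __name__ == "__main__":
    hello = build_client_hello(TLS12, [0x003D, 0x002F], CAPTURED_RANDOM)
    print("rebuilt ClientHello record:", len(hello), "bytes (EAP-TLS Length in the capture: 52)")
    for server_max, cipher_list in [(TLS12, "AES256-SHA256"),
                                    (TLS10, "AES256-SHA256"),
                                    (TLS10, "AES256-SHA256:AES128-SHA")]:
        print(f"server max {VERSION_NAME[server_max]}, cipher_list={cipher_list!r}: "
              f"{negotiation_result(hello, server_max, cipher_list)}")
```

Run as a script it prints the three scenarios: a server able to speak TLS 1.2 picks AES256-SHA256, a server capped at TLS 1.0 with only AES256-SHA256 configured reports no shared cipher, and the same capped server with AES128-SHA appended falls back to that suite at TLS 1.0, which is the pattern of the success and failure cases described in the post.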

