FreeRadius and OpenSSL 1.0.2

Alan DeKok aland at deployingradius.com
Mon Mar 23 18:10:10 CET 2015


On Mar 23, 2015, at 10:20 AM, Dave Duchscher <daved at nostrum.com> wrote:

> I am testing FreeRadius with OpenSSL 1.0.2 and noticed a strange issue.  TTLS-MSCHAPv2 fails.  PEAP and TTLS-(PAP, CHAP, MSCHAPv1) all work.  The error that stands out is 'Invalid ACK received: 0'.  I get this on both 2.2.6 and 3.0.7.
> 
> 2.2.6
>  Mon Mar 23 08:40:09 2015 : Info: [ttls] Authenticate
>  Mon Mar 23 08:40:09 2015 : Info: [ttls] processing EAP-TLS
>  Mon Mar 23 08:40:09 2015 : Info: [ttls] Received TLS ACK
>  Mon Mar 23 08:40:09 2015 : Info: [ttls] ACK default
>  Mon Mar 23 08:40:09 2015 : Error: [ttls] Invalid ACK received: 0

  Ug.  That’s ContentType 0.  See http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-5

  It’s unassigned.  Why the heck is the client sending that?

> I assuming this a problem with the FreeBSD's OpenSSL 1.0.2 port but wanted to ask if anybody else has seen issues with the latest OpenSSL version?

  Nope.

  Alan DeKok.




More information about the Freeradius-Users mailing list