FreeRadius and OpenSSL 1.0.2
aland at deployingradius.com
Mon Mar 23 18:10:10 CET 2015
On Mar 23, 2015, at 10:20 AM, Dave Duchscher <daved at nostrum.com> wrote:
> I am testing FreeRadius with OpenSSL 1.0.2 and noticed a strange issue. TTLS-MSCHAPv2 fails. PEAP and TTLS-(PAP, CHAP, MSCHAPv1) all work. The error that stands out is 'Invalid ACK received: 0'. I get this on both 2.2.6 and 3.0.7.
> Mon Mar 23 08:40:09 2015 : Info: [ttls] Authenticate
> Mon Mar 23 08:40:09 2015 : Info: [ttls] processing EAP-TLS
> Mon Mar 23 08:40:09 2015 : Info: [ttls] Received TLS ACK
> Mon Mar 23 08:40:09 2015 : Info: [ttls] ACK default
> Mon Mar 23 08:40:09 2015 : Error: [ttls] Invalid ACK received: 0
Ug. That’s ContentType 0. See http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-5
It’s unassigned. Why the heck is the client sending that?
> I assuming this a problem with the FreeBSD's OpenSSL 1.0.2 port but wanted to ask if anybody else has seen issues with the latest OpenSSL version?
More information about the Freeradius-Users