FreeRadius and OpenSSL 1.0.2
daved at nostrum.com
Tue Mar 24 15:45:46 CET 2015
On Mar 23, 2015, at 12:10 PM, Alan DeKok <aland at deployingradius.com> wrote:
> On Mar 23, 2015, at 10:20 AM, Dave Duchscher <daved at nostrum.com> wrote:
>> I am testing FreeRadius with OpenSSL 1.0.2 and noticed a strange issue. TTLS-MSCHAPv2 fails. PEAP and TTLS-(PAP, CHAP, MSCHAPv1) all work. The error that stands out is 'Invalid ACK received: 0'. I get this on both 2.2.6 and 3.0.7.
>> Mon Mar 23 08:40:09 2015 : Info: [ttls] Authenticate
>> Mon Mar 23 08:40:09 2015 : Info: [ttls] processing EAP-TLS
>> Mon Mar 23 08:40:09 2015 : Info: [ttls] Received TLS ACK
>> Mon Mar 23 08:40:09 2015 : Info: [ttls] ACK default
>> Mon Mar 23 08:40:09 2015 : Error: [ttls] Invalid ACK received: 0
> Ug. That’s ContentType 0. See http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-5
> It’s unassigned. Why the heck is the client sending that?
This was from eapol_test from wpa_supplicant. Not sure of the version. I pulled down wpa_supplicant 2.4 and the issue has disappeared. Weird that it showed up with the newer version of openssl.
My apologies for the noise.
>> I assuming this a problem with the FreeBSD's OpenSSL 1.0.2 port but wanted to ask if anybody else has seen issues with the latest OpenSSL version?
More information about the Freeradius-Users