help seeing more debugging EAP-TTLS handshake
A.L.M.Buxey at lboro.ac.uk
Wed Sep 23 20:44:41 CEST 2015
Hi,
> I am trying to debug an EAP-TTLS handshake problem between FreeRADIUS 2.2.4
> with OpenSSL 1.0.1f and Mac OS X 10.10.5 and 10.9.5. The Macs are using
old. upgrade your FR
> b) FreeRADIUS/OpenSSL and these versions of Mac OS X can all do TLS 1.2.
> Does the text "TLS 1.0 Handshake" in the log really mean that it is only
> using TLS 1.0 instead of TLS 1.2?
yes. FR 2.2.4 doesn't do TLS 1.2 - 2.2.9 does
> c) There is a message in the log "TLS_accept: failed in SSLv3 read client
> certificate A". Does this mean that there was a client certificate
> presented by the client? (there shouldn't be a client cert at all)
how is the OSX device configured?
> d) Does anyone have any other suggestions to make this work? I already
> tried setting the cipher_list to well used ciphers that the Macs generally
> like ('AES+aRSA') and got the same result. (The trace below is with the
> default cipher_list).
works with DEFAULT. unless you want to start playing client compatibility issue
and need to remove eg DH methods or DES methods from the list I wouldn't touch it
(that particular combo only allows TLS1.2 and a few SSLv3 methods)
> dh_file = ${certdir}/dh
how big is that dh key? must be 1024 or bigger
openssl dhparam -in dh -text -noout
> ttls {
> default_eap_type = md5
md5? really? I'm sure you want that to be mschapv2 for your systems. don't think OSX
will renegotiate.
alan