EAP-PEAP-GTC issue
Alan DeKok
aland at deployingradius.com
Sat Dec 17 02:44:41 CET 2016
On Dec 16, 2016, at 8:13 PM, Arjan Sinnige <a.sinnige at sae.edu> wrote:
>
> Alan DeKok Wrote :
>> Something is going wrong with TLS. What is going wrong? Upgrade to v3 to get better error messages.
>
> Ok I've created a test freeradius server on 3.0.13 Full Debug below...
>
> Still stumped by this.. Phone must be dead or cisco NAS issues ?? This does not look like a configuration error AFAIK. (Which isn't much)
>
> Any suggestions ?
Throw the phone in the garbage and buy one that works.
> (6) eap_ttls: Done initial handshake
> (6) eap_ttls: <<< recv TLS 1.0 Alert [length 0002], fatal decrypt_error
> (6) eap_ttls: ERROR: TLS Alert read:fatal:decrypt error
> (6) eap_ttls: ERROR: TLS_accept: Failed in unknown state
> (6) eap_ttls: ERROR: Failed in __FUNCTION__ (SSL_read)
> (6) eap_ttls: ERROR: error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
> (6) eap_ttls: ERROR: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
The phone is saying that it doesn't like the TLS data from FreeRADIUS.
Since FreeRADIUS is used everywhere, and OpenSSL is used even more places...
If the phone doesn't work with FreeRADIUS + OpenSSL, then the phone is broken. Throw it in the garbage, and buy one that works.
Alan DeKok.
More information about the Freeradius-Users
mailing list