EAP-TLS context uninitialized

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Jan 5 19:06:11 CET 2016


> On Jan 5, 2016, at 12:53 PM, Franks Andy (IT Technical Architecture Manager) <Andy.Franks at sath.nhs.uk> wrote:
> 
> Hi all,
>  I've a problem with FR3.1.0 git#f4d5ff6. This is on our test "wireless" radius server, and I'm looking to commission the configuration onto more production systems once it's certified. Basically the only changes are a newer version of FR, and some tidying of the config. The older version is git #390f216. When sending the same clients to both, very often the newer one complains with this issue and rejects the user:
> 
> (85) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (85)   Auth-Type eap {
> (85) eap: Peer sent packet with method EAP TLS (13)
> (85) eap: Calling submodule eap_tls to process data
> (85) eap_tls: Continuing EAP-TLS
> (85) eap_tls: Peer indicated complete TLS record size will be 131 bytes
> (85) eap_tls: Got complete TLS record, with length (131 bytes)
> (85) eap_tls: [eap-tls verify] = ok
> (85) eap_tls: before/accept initialization
> (85) eap_tls: TLS Accept: before/accept initialization
> (85) eap_tls: <<< recv handshake [length 126], client_hello
> tls: TLS Accept: Error in SSLv3 read client hello C
> tls: TLS Accept: Error in SSLv3 read client hello C
> (85) eap_tls: ERROR: TLS says: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized
> (85) eap_tls: ERROR: TLS_read failed in a system call (-1), TLS session failed
> (85) eap_tls: ERROR: TLS receive handshake failed during operation
> (85) eap_tls: ERROR: [eap-tls process] = fail
> (85) eap: ERROR: Failed continuing EAP TLS (13) session.  EAP sub-module failed
> (85) eap: Sending EAP Failure (code 4) ID 45 length 4
> (85) eap: Failed in EAP select
> 
> The confusing thing is it's not consistent - sometimes it will be ok, I've not yet worked out the pattern:

Do you have session resumption enabled?  Could be an issue with that.

-Arran
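
Added example, not part of the original thread: a Python triage script for debug output like the log quoted above. It groups lines by request number, decodes the packed OpenSSL error code using the pre-3.0 layout (8 bits library, 12 bits function, 12 bits reason), and lists the requests rejected with `session id context uninitialized`, which OpenSSL raises when a client offers a session for resumption, peer verification is on, and no session ID context has been set. Request 84 in the sample is constructed for contrast, and the function names are this example's own.

```python
import re
from collections import defaultdict

ERR_LIB_SSL = 20                  # OpenSSL library number for "SSL routines"
R_SID_CTX_UNINITIALIZED = 277     # SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED (0x115)

REQ_LINE = re.compile(r"^[>\s]*\((\d+)\)\s+(.*)$")   # tolerates "> " quoting
TLS_ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)$")
OUTCOME = re.compile(r"Sending EAP (Success|Failure)")

# Constructed sample: request 85 reuses lines from the quoted debug output,
# request 84 is a made-up successful session.
SAMPLE_LOG = """\
(84) eap_tls: <<< recv handshake [length 126], client_hello
(84) eap: Sending EAP Success (code 3) ID 44 length 4
(85) eap_tls: <<< recv handshake [length 126], client_hello
tls: TLS Accept: Error in SSLv3 read client hello C
(85) eap_tls: ERROR: TLS says: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized
(85) eap: Sending EAP Failure (code 4) ID 45 length 4
"""

def decode_openssl_error(code_hex):
    """Split a pre-3.0 OpenSSL packed error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log_text):
    """Group debug lines by request number; record EAP outcome and TLS errors."""
    sessions = defaultdict(lambda: {"outcome": None, "tls_errors": []})
    for line in log_text.splitlines():
        m = REQ_LINE.match(line.strip())
        if not m:
            continue              # un-numbered "tls:" lines carry no request id
        req, rest = int(m.group(1)), m.group(2)
        err = TLS_ERR.search(rest)
        if err:
            lib, func, reason = decode_openssl_error(err.group(1))
            sessions[req]["tls_errors"].append(
                {"lib": lib, "func": func, "reason": reason, "text": err.group(4)})
        out = OUTCOME.search(rest)
        if out:
            sessions[req]["outcome"] = out.group(1)
    return dict(sessions)

def sid_ctx_failures(log_text):
    """Request numbers rejected with 'session id context uninitialized'."""
    return sorted(req for req, s in triage(log_text).items()
                  if s["outcome"] == "Failure" and any(
                      e["lib"] == ERR_LIB_SSL and e["reason"] == R_SID_CTX_UNINITIALIZED
                      for e in s["tls_errors"]))
```

Running `sid_ctx_failures()` over a full `radiusd -X` capture shows how many rejects share this one cause, which helps confirm or rule out session resumption as the common factor.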