FreeRadius 3.0.17 - TLS issue
a.cudbardb at freeradius.org
Thu Nov 29 02:26:17 CET 2018
> On Nov 28, 2018, at 6:48 AM, Alan DeKok <aland at deployingradius.com> wrote:
> On Nov 27, 2018, at 12:37 PM, Thorsten Fritsch <thorsten.fritsch at unibas.ch> wrote:
>> we're running FR 3.0.17 and currently have some trouble with Windows 10 Clients which since just recently no longer can
>> connect to the PEAP/MS-CHAPv2-based eduroam network.
>> According to the radius debug log the FR server sends an Access Accept to the NAS (Cisco WLC) but it then terminates
>> with the information: ERROR: eap_peap: TLS Alert write:fatal:protocol version
> Likely due to TLS 1.2.
>> 53282519) Tue Nov 27 16:07:35 2018: Debug: Sent Access-Accept Id 251 from 188.8.131.52:1812 to 10.33.6.2:54247 length 0
>> (53282519) Tue Nov 27 16:07:35 2018: Debug: Tunnel-Type = VLAN
> Don't sent "radiusd -Xx" please... all of the documentation says to just use "radiusd -X".
>> It looks like a TLS mismtach but not sure. Any experiences with this ? Which TLS versions are supported by FR 3.0.17 ?
> FreeRADIUS uses OpenSSL for TLS. So check your OpenSSL library.
> Odds are that you're running a version / OS which is a few years old, and doesn't support TLS 1.2. You'll have to upgrade to a recent release of OpenSSL in order to fix that.
radiusd -Xv should show you the version of OpenSSL the server is linked against.
More information about the Freeradius-Users