EAP-TLS Signature Check Failure

Peter Bance peter at peterbance.co.uk
Thu Jun 11 14:51:31 CEST 2020

On 2020-06-11 12:48, Alan DeKok wrote:
> On Jun 11, 2020, at 4:31 AM, Peter Bance via Freeradius-Users
> <freeradius-users at lists.freeradius.org> wrote:
>> I'm afraid I've been all around the Windows and certificate side, and 
>> I've circled back to FreeRADIUS :( I probably should have included the 
>> full session log before (sadly I didn't think to save a successful 
>> entry from iOS to compare it to, I'll try and get one when I next 
>> can). I've pasted below (I don't think I need to "redact" anything 
>> here other than the SSID and OUs, which identified the client).
>> One thing strikes me, and the reason I'm being a nuisance here again 
>> (!) - the signature validation is failing "RSA_verify_PKCS1_PSS_mgf1", 
>> but both the client and CA certificates are signed with 
>> "sha256WithRSAEncryption", and the session is TLS 1.2. However, the 
>> very first client request asks for TLS 1.3 (subsequently downgraded to 
>> 1.2).
>   Well, if the TLS stuff is wrong, blame OpenSSL.  We rely on OpenSSL 
> for that.

No problem, I blame OpenSSL for a lot of things :-)

>> Could FreeRADIUS be "remembering" the initial 1.3, and thus trying an 
>> invalid signature validation on the certificate(s)?
>   No.  The TLS negotiation is handled by OpenSSL, and FreeRADIUS knows
> very little about it.

OK - understood.

>   Further, EAP-TLS for TLS 1.3 isn't even standardized yet.  I've been
> in touch with the Microsoft engineer who's implementing it.  We should
> be doing Windows / FreeRADIUS interoperation in the next month or so.
> So when it is released, Windows will work.

Ah, excellent! I look forward to that, I'll see if I can find a way to 
force Windows clients to curb their enthusiasm and use 1.2 for now.

>> I've tried going through the source code, but I confess my C and TLS 
>> skills aren't up to it :-(
>   I don't touch OpenSSL.  That code is a nightmare.
>   Maybe it's an issue with OpenSSL?
> https://github.com/openssl/openssl/issues/8443
> https://bbs.archlinux.org/viewtopic.php?id=253846

Thanks - I did see those issues, and checked that the root causes are definitely 
not the same.

>   Are you using RedHat?

No way! :-)

> Maybe you're running into the issue of RedHat
> replacing OpenSSL with NSS.  It's not the same, and it doesn't work.
> You might have to drop the RH packages, and move to ours at
> http://packages.networkradius.com

Already using the networkradius.com repo.

Thanks again for your time looking at this. I'll head back to digging 
into Windows and see why it's misbehaving.

Peter Bance
Information Security Adviser
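As an added example, not part of this thread and not the FreeRADIUS project's own shipped configuration: the server can be made to answer a TLS 1.3 ClientHello with a TLS 1.2 session instead of relying on the Windows client to stop offering 1.3. In FreeRADIUS 3.0.x this is done in the eap module's tls-config section; the file path, the `${certdir}`/`${cadir}` variables and the surrounding directives are assumed from the default mods-available/eap and should be merged into the existing section rather than copied wholesale.

```conf
# /etc/raddb/mods-available/eap   (path assumed; Debian-style packages use /etc/freeradius/3.0/)
eap {
    default_eap_type = tls

    tls-config tls-common {
        private_key_file = ${certdir}/server.pem
        certificate_file = ${certdir}/server.pem
        ca_file = ${cadir}/ca.pem

        # Pin the negotiated protocol version. OpenSSL does the negotiation, so
        # a ClientHello that advertises TLS 1.3 is answered with a TLS 1.2
        # ServerHello rather than selecting 1.3 and then falling back.
        tls_min_version = "1.2"
        tls_max_version = "1.2"
    }

    tls {
        tls = tls-common
    }
}
```

Check the syntax with `radiusd -C` (or `freeradius -C` on Debian-style installs) before restarting, then reproduce the failing Windows session under `radiusd -X` as before. Note that this only removes TLS 1.3 from the negotiation; whether the RSA_verify_PKCS1_PSS_mgf1 failure persists when the session is pinned to 1.2 is exactly what the thread leaves open, so the debug log from the pinned session is the thing to compare against the one posted.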
