Internal error during EAP-FAST
Alan DeKok
aland at deployingradius.com
Thu Oct 29 12:36:45 CET 2020
On Oct 29, 2020, at 5:14 AM, Sebastian <radius at wehle.dev> wrote:
>
> I try to do an 802.1x authentication of Cisco access points on Aruba
> switches against Freeradius 3.0.21-1 under Debian 10.6.
>
> The APs prefer to do EAP-FAST so I enabled the relevant parts in
> modules-enabled/eap but whenever a EAP-FAST request arrives now, it
> throws this:
> (2) eap: Calling submodule eap_fast to process data
> (2) eap_fast: Authenticate
> (2) eap_fast: Continuing EAP-TLS
> (2) eap_fast: [eaptls verify] = ok
> (2) eap_fast: Done initial handshake
> (2) eap_fast: (other): before SSL initialization
> (2) eap_fast: >>> send TLS 1.3 [length 0002]
There is no standard for using TLS 1.3 with *any* EAP method.
The EAP-FAST implementation in FreeRADIUS uses only TLS 1.1.
> I tried to change tls_max_version from 1.2 to 1.3 but that didn't
> change anything.
Change it to 1.1.
Alan DeKok.
More information about the Freeradius-Users
mailing list