Hello FreeRadius Team I hope you're doing well. I'm currently working on integrating FreeRADIUS with a Java-based authentication system, and I'm running into an issue related to TLS decryption during the EAP-TTLS handshake. Specifically, I'm seeing the following exception on the server side: javax.crypto.AEADBadTagException: Tag mismatch!
From my understanding, this typically indicates a problem with key mismatch or incorrect handling of encrypted TLS data, possibly during the decryption of the ClientKeyExchange or in the derivation of the pre-master/master secrets.
I've double-checked the cipher suites and key derivation process, and I'm using: - TLS version: TLS 1.2 - Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - Key derivation uses ECDHE Despite that, I’m still running into the above error, which blocks the successful authentication flow. Would you be able to guide me on what might be causing this or how I can debug it further within the FreeRADIUS or TLS stack? I’d greatly appreciate any pointers or direction, even if it's just confirming what part of the handshake to focus on. Thank you for your time and all the work you do for the FreeRADIUS project. Best regards, *Kalyani Borkar* Email: kalyaniborkar2205@gmail.com GitHub: github.com/Kalyani-Borka <https://github.com/Kalyani-Borkar>r [image: photo] Senior Software Engineer 7776978417 | kalyaniborkar2205@gmail.com <kalyaniborkar.tech@gmail.com> [image: __tpx__]