Hello, I'm currently testing freeradius v4 with eduroam and have encountered an issue with TLS 1.3: FreeRADIUS errors with the following error message:
(9) eap.ttls - Continuing EAP-TLS (9) eap.ttls - Got complete TLS record (146 bytes) (9) eap.ttls - [eap-tls verify] = complete (9) eap.ttls - <<< recv TLS 1.3, inner_content_type[length 1] (9) eap.ttls - Decrypted TLS application data (124 bytes) (9) eap.ttls - [eap-tls process] = complete (9) eap.ttls - Session established. Decoding Diameter attributes (9) eap.ttls - ERROR: Decoding TTLS TLVs failed: Tunneled challenge is incorrect (9) eap.ttls (reject) (9) eap - Resuming execution (9) eap - Sending EAP Failure (code 4) ID 10 length 4 (9) eap - Cleaning up EAP session (9) eap (reject)
The error shows up in the second EAP packet from the client after the Server Hello Done by the server (according to a wireshark capture) Server: current master (c406ab8) on debian buster with libssl-dev 1.1.1c-1 Client: Ubuntu 18.04.3 wpa_supplicant v2.6 OpenSSL 1.1.1 I have looked on some issues on Github which pointed out it's a problem on wpa_supplicant side. Since I currently don't have any other TLS1.3 capable radius server to test I just wanted to ask: Is this a problem in FreeRADIUS or in wpa_supplicant? Kind regards Jan-Frederik Rieckers