Hi, Alan, On 21.02.2020 23:26, Alan DeKok wrote:
On Feb 21, 2020, at 4:43 PM, iilinasi <Irina.Ilina-Sidorova@ulb.ac.be> wrote:
Yes, I totally understand that 1.3 is not supported. The thing is: I construct the packet myself and fill in the version to be 1.1.
How do you construct the packet yourself? Are you writing your own TLS library?
TLS library for 2 packets would be an overkill... I construct packets in my python script (can share it - but it's really very ugly at the moment). That's why I can tell you the version I send exactly - I fill it in as "0x0301", as per specification. Is there anything I miss? You can see 0x0301 in EAP message part of debug (and TLS 1.3 would correspond to 0x0304). Again, I understand that wireshark is not the ultimate source of truth, but it does not complain on anything and correctly dissects the packet as EAP-TLS 1.0.
Standard package for Ubuntu is 3.0.16 now, that's why I'm using it. I'd avoid blind upgrade. Any specific reason to go with 3.0.20 in regards with my issue?
Because it's newer and will likely solve any issues.
It's faster to install 3.0.20 than to wait for replies on a mailing list.
I installed 3.0.20 (didn't went without a few hiccups, but it's not related to this thread). The issue is still exactly the same, just debugs now a bit more readable. I attach them together with the packet capture. Thanks a lot!
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Cheers, Iron