I am trying to use freeradius with WPA2-EAP. I have android clients working but using IWD it seems to fail with a TLS handshake error. Ready to process requests Threads: total/active/spare threads = 2/0/2 Waking up in 0.3 seconds. Thread 1 got semaphore Thread 1 handling request 0, (1 handled so far) (0) Received Access-Request Id 0 from 192.168.2.2:44444 to 192.168.2.1:1812 length 117 (0) User-Name = "as" (0) NAS-IP-Address = 192.168.2.2 (0) Called-Station-Id = "b4378330fc3b" (0) Calling-Station-Id = "5a5b3135062e" (0) NAS-Identifier = "b4378330fc3b" (0) NAS-Port = 29 (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) EAP-Message = 0x02000007016173 (0) Message-Authenticator = 0x03105277799198b5f2c8e05d953827e8 (0) session-state: No State attribute (0) # Executing section authorize from file /etc/raddb/radiusd.conf (0) authorize { (0) modsingle[authorize]: calling eap (rlm_eap) (0) eap: Peer sent EAP Response (code 2) ID 0 length 7 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) modsingle[authorize]: returned from eap (rlm_eap) (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /etc/raddb/radiusd.conf (0) authenticate { (0) modsingle[authenticate]: calling eap (rlm_eap) (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_tls to process data (0) eap_tls: (TLS) TLS -Initiating new session (0) eap_tls: (TLS) TLS - Setting verify mode to require certificate from client (0) eap_tls: [eaptls start] = request (0) eap: Sending EAP Request (code 1) ID 1 length 10 (0) eap: EAP session adding &reply:State = 0xdfcd0373dfcc0e53 (0) modsingle[authenticate]: returned from eap (rlm_eap) (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) session-state: Saving cached attributes (0) Framed-MTU = 1014 (0) Sent Access-Challenge Id 0 from 192.168.2.1:1812 to 192.168.2.2:44444 length 68 (0) EAP-Message = 0x0101000a0da000000000 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0xdfcd0373dfcc0e53057e01be00df4fb0 (0) Finished request Thread 1 waiting to be assigned a request (0) Cleaning up request packet ID 0 with timestamp +16 due to conflicting packet was received Waking up in 0.3 seconds. Thread 2 got semaphore Thread 2 handling request 1, (1 handled so far) (1) Received Access-Request Id 0 from 192.168.2.2:44444 to 192.168.2.1:1812 length 265 (1) User-Name = "as" (1) NAS-IP-Address = 192.168.2.2 (1) Called-Station-Id = "b4378330fc3b" (1) Calling-Station-Id = "5a5b3135062e" (1) NAS-Identifier = "b4378330fc3b" (1) NAS-Port = 29 (1) Framed-MTU = 1400 (1) State = 0xdfcd0373dfcc0e53057e01be00df4fb0 (1) NAS-Port-Type = Wireless-802.11 (1) EAP-Message = 0x020100890d00160301007e0100007a030367df7cae99f0e7e4fba4bb3181d9255fb4e4053b47f21d704f41904b9a089dc400002ac014c013003900330035002fc028c027006b0067003d003cc030c02f009f009e009d009cc0120016000a0100002700 (1) Message-Authenticator = 0x15eed9703faadf1d00a6dfe52a3e6807 (1) Restoring &session-state (1) &session-state:Framed-MTU = 1014 (1) # Executing section authorize from file /etc/raddb/radiusd.conf (1) authorize { (1) modsingle[authorize]: calling eap (rlm_eap) (1) eap: Peer sent EAP Response (code 2) ID 1 length 137 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) modsingle[authorize]: returned from eap (rlm_eap) (1) [eap] = updated (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file /etc/raddb/radiusd.conf (1) authenticate { (1) modsingle[authenticate]: calling eap (rlm_eap) (1) eap: Removing EAP session with state 0xdfcd0373dfcc0e53 (1) eap: Previous EAP request found for state 0xdfcd0373dfcc0e53, released from the list (1) eap: Peer sent packet with method EAP TLS (13) (1) eap: Calling submodule eap_tls to process data (1) eap_tls: (TLS) EAP Continuing ... (1) eap_tls: (TLS) EAP Peer sent flags --- (1) eap_tls: (TLS) EAP Got final fragment (131 bytes) WARNING: (1) eap_tls: (TLS) EAP Total received record fragments (131 bytes), does not equal expected expected data length (0 bytes) (1) eap_tls: (TLS) EAP Verification says ok (1) eap_tls: (TLS) EAP Done initial handshake (1) eap_tls: (TLS) TLS - Handshake state [PINIT] - before SSL initialization (0) (1) eap_tls: (TLS) TLS - Handshake state [PINIT] - Server before SSL initialization (0) (TLS) Ignoring cbtls_msg call with pseudo content type 256, version 00000301 (1) eap_tls: (TLS) TLS - Handshake state [PINIT] - Server before SSL initialization (0) (TLS) Received 126 bytes of TLS data (TLS) 01 00 00 7a 03 03 67 df 7c ae 99 f0 e7 e4 fb a4 (TLS) bb 31 81 d9 25 5f b4 e4 05 3b 47 f2 1d 70 4f 41 (TLS) 90 4b 9a 08 9d c4 00 00 2a c0 14 c0 13 00 39 00 (TLS) 33 00 35 00 2f c0 28 c0 27 00 6b 00 67 00 3d 00 (TLS) 3c c0 30 c0 2f 00 9f 00 9e 00 9d 00 9c c0 12 00 (TLS) 16 00 0a 01 00 00 27 00 0a 00 10 00 0e 00 17 00 (TLS) 18 01 00 01 01 01 02 01 03 01 04 00 0d 00 0a 00 (TLS) 08 05 01 04 01 01 01 02 01 ff 01 00 01 00 (1) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello (TLS) Ignoring cbtls_msg call with pseudo content type 256, version 00000303 (TLS) Received 2 bytes of TLS data (TLS) 02 28 (1) eap_tls: (TLS) TLS - send TLS 1.2 Alert, fatal handshake_failure ERROR: (1) eap_tls: (TLS) TLS - Alert write:fatal:handshake failure ERROR: (1) eap_tls: (TLS) TLS - Server : Error in error (1) eap_tls: Server preferred ciphers (by priority) (1) eap_tls: (TLS) [0] TLS_AES_256_GCM_SHA384 (1) eap_tls: (TLS) [1] TLS_AES_128_GCM_SHA256 (1) eap_tls: (TLS) [2] ECDHE-ECDSA-AES256-GCM-SHA384 (1) eap_tls: (TLS) [3] ECDHE-RSA-AES256-GCM-SHA384 (1) eap_tls: (TLS) [4] DHE-DSS-AES256-GCM-SHA384 (1) eap_tls: (TLS) [5] DHE-RSA-AES256-GCM-SHA384 (1) eap_tls: (TLS) [6] ECDHE-ECDSA-AES256-CCM (1) eap_tls: (TLS) [7] DHE-RSA-AES256-CCM (1) eap_tls: (TLS) [8] ECDHE-ECDSA-ARIA256-GCM-SHA384 (1) eap_tls: (TLS) [9] ECDHE-ARIA256-GCM-SHA384 (1) eap_tls: (TLS) [10] DHE-DSS-ARIA256-GCM-SHA384 (1) eap_tls: (TLS) [11] DHE-RSA-ARIA256-GCM-SHA384 (1) eap_tls: (TLS) [12] ADH-AES256-GCM-SHA384 (1) eap_tls: (TLS) [13] ECDHE-ECDSA-AES128-GCM-SHA256 (1) eap_tls: (TLS) [14] ECDHE-RSA-AES128-GCM-SHA256 (1) eap_tls: (TLS) [15] DHE-DSS-AES128-GCM-SHA256 (1) eap_tls: (TLS) [16] DHE-RSA-AES128-GCM-SHA256 (1) eap_tls: (TLS) [17] ECDHE-ECDSA-AES128-CCM (1) eap_tls: (TLS) [18] DHE-RSA-AES128-CCM (1) eap_tls: (TLS) [19] ECDHE-ECDSA-ARIA128-GCM-SHA256 (1) eap_tls: (TLS) [20] ECDHE-ARIA128-GCM-SHA256 (1) eap_tls: (TLS) [21] DHE-DSS-ARIA128-GCM-SHA256 (1) eap_tls: (TLS) [22] DHE-RSA-ARIA128-GCM-SHA256 (1) eap_tls: (TLS) [23] ADH-AES128-GCM-SHA256 (1) eap_tls: (TLS) [24] ECDHE-ECDSA-AES256-SHA384 (1) eap_tls: (TLS) [25] ECDHE-RSA-AES256-SHA384 (1) eap_tls: (TLS) [26] DHE-RSA-AES256-SHA256 (1) eap_tls: (TLS) [27] DHE-DSS-AES256-SHA256 (1) eap_tls: (TLS) [28] ECDHE-ECDSA-CAMELLIA256-SHA384 (1) eap_tls: (TLS) [29] ECDHE-RSA-CAMELLIA256-SHA384 (1) eap_tls: (TLS) [30] DHE-RSA-CAMELLIA256-SHA256 (1) eap_tls: (TLS) [31] DHE-DSS-CAMELLIA256-SHA256 (1) eap_tls: (TLS) [32] ADH-AES256-SHA256 (1) eap_tls: (TLS) [33] ADH-CAMELLIA256-SHA256 (1) eap_tls: (TLS) [34] ECDHE-ECDSA-AES128-SHA256 (1) eap_tls: (TLS) [35] ECDHE-RSA-AES128-SHA256 (1) eap_tls: (TLS) [36] DHE-RSA-AES128-SHA256 (1) eap_tls: (TLS) [37] DHE-DSS-AES128-SHA256 (1) eap_tls: (TLS) [38] ECDHE-ECDSA-CAMELLIA128-SHA256 (1) eap_tls: (TLS) [39] ECDHE-RSA-CAMELLIA128-SHA256 (1) eap_tls: (TLS) [40] DHE-RSA-CAMELLIA128-SHA256 (1) eap_tls: (TLS) [41] DHE-DSS-CAMELLIA128-SHA256 (1) eap_tls: (TLS) [42] ADH-AES128-SHA256 (1) eap_tls: (TLS) [43] ADH-CAMELLIA128-SHA256 (1) eap_tls: (TLS) [44] ECDHE-ECDSA-AES256-SHA (1) eap_tls: (TLS) [45] ECDHE-RSA-AES256-SHA (1) eap_tls: (TLS) [46] DHE-RSA-AES256-SHA (1) eap_tls: (TLS) [47] DHE-DSS-AES256-SHA (1) eap_tls: (TLS) [48] DHE-RSA-CAMELLIA256-SHA (1) eap_tls: (TLS) [49] DHE-DSS-CAMELLIA256-SHA (1) eap_tls: (TLS) [50] AECDH-AES256-SHA (1) eap_tls: (TLS) [51] ADH-AES256-SHA (1) eap_tls: (TLS) [52] ADH-CAMELLIA256-SHA (1) eap_tls: (TLS) [53] ECDHE-ECDSA-AES128-SHA (1) eap_tls: (TLS) [54] ECDHE-RSA-AES128-SHA (1) eap_tls: (TLS) [55] DHE-RSA-AES128-SHA (1) eap_tls: (TLS) [56] DHE-DSS-AES128-SHA (1) eap_tls: (TLS) [57] DHE-RSA-CAMELLIA128-SHA (1) eap_tls: (TLS) [58] DHE-DSS-CAMELLIA128-SHA (1) eap_tls: (TLS) [59] AECDH-AES128-SHA (1) eap_tls: (TLS) [60] ADH-AES128-SHA (1) eap_tls: (TLS) [61] ADH-CAMELLIA128-SHA (1) eap_tls: (TLS) [62] AES256-GCM-SHA384 (1) eap_tls: (TLS) [63] AES256-CCM (1) eap_tls: (TLS) [64] ARIA256-GCM-SHA384 (1) eap_tls: (TLS) [65] AES128-GCM-SHA256 (1) eap_tls: (TLS) [66] AES128-CCM (1) eap_tls: (TLS) [67] ARIA128-GCM-SHA256 (1) eap_tls: (TLS) [68] AES256-SHA256 (1) eap_tls: (TLS) [69] CAMELLIA256-SHA256 (1) eap_tls: (TLS) [70] AES128-SHA256 (1) eap_tls: (TLS) [71] CAMELLIA128-SHA256 (1) eap_tls: (TLS) [72] SRP-DSS-AES-256-CBC-SHA (1) eap_tls: (TLS) [73] SRP-RSA-AES-256-CBC-SHA (1) eap_tls: (TLS) [74] SRP-AES-256-CBC-SHA (1) eap_tls: (TLS) [75] AES256-SHA (1) eap_tls: (TLS) [76] CAMELLIA256-SHA (1) eap_tls: (TLS) [77] SRP-DSS-AES-128-CBC-SHA (1) eap_tls: (TLS) [78] SRP-RSA-AES-128-CBC-SHA (1) eap_tls: (TLS) [79] SRP-AES-128-CBC-SHA (1) eap_tls: (TLS) [80] AES128-SHA (1) eap_tls: (TLS) [81] CAMELLIA128-SHA (1) eap_tls: (TLS) TLS - Client preferred ciphers (by priority) (1) eap_tls: (TLS) [0] ECDHE-RSA-AES256-SHA (1) eap_tls: (TLS) [1] ECDHE-RSA-AES128-SHA (1) eap_tls: (TLS) [2] DHE-RSA-AES256-SHA (1) eap_tls: (TLS) [3] DHE-RSA-AES128-SHA (1) eap_tls: (TLS) [4] AES256-SHA (1) eap_tls: (TLS) [5] AES128-SHA (1) eap_tls: (TLS) [6] ECDHE-RSA-AES256-SHA384 (1) eap_tls: (TLS) [7] ECDHE-RSA-AES128-SHA256 (1) eap_tls: (TLS) [8] DHE-RSA-AES256-SHA256 (1) eap_tls: (TLS) [9] DHE-RSA-AES128-SHA256 (1) eap_tls: (TLS) [10] AES256-SHA256 (1) eap_tls: (TLS) [11] AES128-SHA256 (1) eap_tls: (TLS) [12] ECDHE-RSA-AES256-GCM-SHA384 (1) eap_tls: (TLS) [13] ECDHE-RSA-AES128-GCM-SHA256 (1) eap_tls: (TLS) [14] DHE-RSA-AES256-GCM-SHA384 (1) eap_tls: (TLS) [15] DHE-RSA-AES128-GCM-SHA256 (1) eap_tls: (TLS) [16] AES256-GCM-SHA384 (1) eap_tls: (TLS) [17] AES128-GCM-SHA256 ERROR: (1) eap_tls: (TLS) Failed reading from OpenSSL: ssl/statem/statem_srvr.c[2312]:error:0A0000C1:lib(20)::reason(193) ERROR: (1) eap_tls: (TLS) System call (I/O) error (-1) ERROR: (1) eap_tls: (TLS) EAP Receive handshake failed during operation ERROR: (1) eap_tls: [eaptls process] = fail ERROR: (1) eap: Failed continuing EAP TLS (13) session. EAP sub-module failed (1) eap: Sending EAP Failure (code 4) ID 1 length 4 (1) eap: Failed in EAP select (1) modsingle[authenticate]: returned from eap (rlm_eap) (1) [eap] = invalid (1) } # authenticate = invalid (1) Failed to authenticate the user (1) Using Post-Auth-Type Reject (1) Post-Auth-Type sub-section not found. Ignoring. (1) Login incorrect (eap_tls: (TLS) TLS - Alert write:fatal:handshake failure): [as] (from client ac port 29 cli 5a5b3135062e) (1) Delaying response for 5.000000 seconds Thread 2 waiting to be assigned a request Waking up in 4.6 seconds. (1) Sending delayed response (1) Sent Access-Reject Id 0 from 192.168.2.1:1812 to 192.168.2.2:44444 length 44 (1) EAP-Message = 0x04010004 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) Cleaning up request packet ID 0 with timestamp +16 due to done eady to process requests Waking up in 0.3 seconds. Thread 1 got semaphore Thread 1 handling request 2, (2 handled so far) (2) Received Access-Request Id 0 from 192.168.2.2:44444 to 192.168.2.1:1812 length 117 (2) User-Name = "as" (2) NAS-IP-Address = 192.168.2.2 (2) Called-Station-Id = "b4378330fc3b" (2) Calling-Station-Id = "5a5b3135062e" (2) NAS-Identifier = "b4378330fc3b" (2) NAS-Port = 29 (2) Framed-MTU = 1400 (2) NAS-Port-Type = Wireless-802.11 (2) EAP-Message = 0x02000007016173 (2) Message-Authenticator = 0x65ea19588c27954be750b34f05da01b7 (2) session-state: No State attribute (2) # Executing section authorize from file /etc/raddb/radiusd.conf (2) authorize { (2) modsingle[authorize]: calling eap (rlm_eap) (2) eap: Peer sent EAP Response (code 2) ID 0 length 7 (2) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (2) modsingle[authorize]: returned from eap (rlm_eap) (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = eap (2) # Executing group from file /etc/raddb/radiusd.conf (2) authenticate { (2) modsingle[authenticate]: calling eap (rlm_eap) (2) eap: Peer sent packet with method EAP Identity (1) (2) eap: Calling submodule eap_tls to process data (2) eap_tls: (TLS) TLS -Initiating new session (2) eap_tls: (TLS) TLS - Setting verify mode to require certificate from client (2) eap_tls: [eaptls start] = request (2) eap: Sending EAP Request (code 1) ID 1 length 10 (2) eap: EAP session adding &reply:State = 0x73da5fd773db5206 (2) modsingle[authenticate]: returned from eap (rlm_eap) (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) session-state: Saving cached attributes (2) Framed-MTU = 1014 (2) Sent Access-Challenge Id 0 from 192.168.2.1:1812 to 192.168.2.2:44444 length 68 (2) EAP-Message = 0x0101000a0da000000000 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x73da5fd773db520659675dbb5c31485d (2) Finished request Thread 1 waiting to be assigned a request (2) Cleaning up request packet ID 0 with timestamp +131 due to conflicting packet was received Waking up in 0.3 seconds. Thread 2 got semaphore Thread 2 handling request 3, (2 handled so far) (3) Received Access-Request Id 0 from 192.168.2.2:44444 to 192.168.2.1:1812 length 265 (3) User-Name = "as" (3) NAS-IP-Address = 192.168.2.2 (3) Called-Station-Id = "b4378330fc3b" (3) Calling-Station-Id = "5a5b3135062e" (3) NAS-Identifier = "b4378330fc3b" (3) NAS-Port = 29 (3) Framed-MTU = 1400 (3) State = 0x73da5fd773db520659675dbb5c31485d (3) NAS-Port-Type = Wireless-802.11 (3) EAP-Message = 0x020100890d00160301007e0100007a030367df7d21f4b742d6792d0128f9d335437102d658ee7fe1dc1c334257dacf927600002ac014c013003900330035002fc028c027006b0067003d003cc030c02f009f009e009d009cc0120016000a0100002700 (3) Message-Authenticator = 0x68e323e0b85f9b9e6c84bec8bc5bb779 (3) Restoring &session-state (3) &session-state:Framed-MTU = 1014 (3) # Executing section authorize from file /etc/raddb/radiusd.conf (3) authorize { (3) modsingle[authorize]: calling eap (rlm_eap) (3) eap: Peer sent EAP Response (code 2) ID 1 length 137 (3) eap: No EAP Start, assuming it's an on-going EAP conversation (3) modsingle[authorize]: returned from eap (rlm_eap) (3) [eap] = updated (3) } # authorize = updated (3) Found Auth-Type = eap (3) # Executing group from file /etc/raddb/radiusd.conf (3) authenticate { (3) modsingle[authenticate]: calling eap (rlm_eap) (3) eap: Removing EAP session with state 0x73da5fd773db5206 (3) eap: Previous EAP request found for state 0x73da5fd773db5206, released from the list (3) eap: Peer sent packet with method EAP TLS (13) (3) eap: Calling submodule eap_tls to process data (3) eap_tls: (TLS) EAP Continuing ... (3) eap_tls: (TLS) EAP Peer sent flags --- (3) eap_tls: (TLS) EAP Got final fragment (131 bytes) WARNING: (3) eap_tls: (TLS) EAP Total received record fragments (131 bytes), does not equal expected expected data length (0 bytes) (3) eap_tls: (TLS) EAP Verification says ok (3) eap_tls: (TLS) EAP Done initial handshake (3) eap_tls: (TLS) TLS - Handshake state [PINIT] - before SSL initialization (0) (3) eap_tls: (TLS) TLS - Handshake state [PINIT] - Server before SSL initialization (0) (TLS) Ignoring cbtls_msg call with pseudo content type 256, version 00000301 (3) eap_tls: (TLS) TLS - Handshake state [PINIT] - Server before SSL initialization (0) (TLS) Received 126 bytes of TLS data (TLS) 01 00 00 7a 03 03 67 df 7d 21 f4 b7 42 d6 79 2d (TLS) 01 28 f9 d3 35 43 71 02 d6 58 ee 7f e1 dc 1c 33 (TLS) 42 57 da cf 92 76 00 00 2a c0 14 c0 13 00 39 00 (TLS) 33 00 35 00 2f c0 28 c0 27 00 6b 00 67 00 3d 00 (TLS) 3c c0 30 c0 2f 00 9f 00 9e 00 9d 00 9c c0 12 00 (TLS) 16 00 0a 01 00 00 27 00 0a 00 10 00 0e 00 17 00 (TLS) 18 01 00 01 01 01 02 01 03 01 04 00 0d 00 0a 00 (TLS) 08 05 01 04 01 01 01 02 01 ff 01 00 01 00 (3) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello (TLS) Ignoring cbtls_msg call with pseudo content type 256, version 00000303 (TLS) Received 2 bytes of TLS data (TLS) 02 28 (3) eap_tls: (TLS) TLS - send TLS 1.2 Alert, fatal handshake_failure ERROR: (3) eap_tls: (TLS) TLS - Alert write:fatal:handshake failure ERROR: (3) eap_tls: (TLS) TLS - Server : Error in error (3) eap_tls: Server preferred ciphers (by priority) (3) eap_tls: (TLS) [0] TLS_AES_256_GCM_SHA384 (3) eap_tls: (TLS) [1] TLS_AES_128_GCM_SHA256 (3) eap_tls: (TLS) [2] ECDHE-ECDSA-AES256-GCM-SHA384 (3) eap_tls: (TLS) [3] ECDHE-RSA-AES256-GCM-SHA384 (3) eap_tls: (TLS) [4] DHE-DSS-AES256-GCM-SHA384 (3) eap_tls: (TLS) [5] DHE-RSA-AES256-GCM-SHA384 (3) eap_tls: (TLS) [6] ECDHE-ECDSA-AES256-CCM (3) eap_tls: (TLS) [7] DHE-RSA-AES256-CCM (3) eap_tls: (TLS) [8] ECDHE-ECDSA-ARIA256-GCM-SHA384 (3) eap_tls: (TLS) [9] ECDHE-ARIA256-GCM-SHA384 (3) eap_tls: (TLS) [10] DHE-DSS-ARIA256-GCM-SHA384 (3) eap_tls: (TLS) [11] DHE-RSA-ARIA256-GCM-SHA384 (3) eap_tls: (TLS) [12] ADH-AES256-GCM-SHA384 (3) eap_tls: (TLS) [13] ECDHE-ECDSA-AES128-GCM-SHA256 (3) eap_tls: (TLS) [14] ECDHE-RSA-AES128-GCM-SHA256 (3) eap_tls: (TLS) [15] DHE-DSS-AES128-GCM-SHA256 (3) eap_tls: (TLS) [16] DHE-RSA-AES128-GCM-SHA256 (3) eap_tls: (TLS) [17] ECDHE-ECDSA-AES128-CCM (3) eap_tls: (TLS) [18] DHE-RSA-AES128-CCM (3) eap_tls: (TLS) [19] ECDHE-ECDSA-ARIA128-GCM-SHA256 (3) eap_tls: (TLS) [20] ECDHE-ARIA128-GCM-SHA256 (3) eap_tls: (TLS) [21] DHE-DSS-ARIA128-GCM-SHA256 (3) eap_tls: (TLS) [22] DHE-RSA-ARIA128-GCM-SHA256 (3) eap_tls: (TLS) [23] ADH-AES128-GCM-SHA256 (3) eap_tls: (TLS) [24] ECDHE-ECDSA-AES256-SHA384 (3) eap_tls: (TLS) [25] ECDHE-RSA-AES256-SHA384 (3) eap_tls: (TLS) [26] DHE-RSA-AES256-SHA256 (3) eap_tls: (TLS) [27] DHE-DSS-AES256-SHA256 (3) eap_tls: (TLS) [28] ECDHE-ECDSA-CAMELLIA256-SHA384 (3) eap_tls: (TLS) [29] ECDHE-RSA-CAMELLIA256-SHA384 (3) eap_tls: (TLS) [30] DHE-RSA-CAMELLIA256-SHA256 (3) eap_tls: (TLS) [31] DHE-DSS-CAMELLIA256-SHA256 (3) eap_tls: (TLS) [32] ADH-AES256-SHA256 (3) eap_tls: (TLS) [33] ADH-CAMELLIA256-SHA256 (3) eap_tls: (TLS) [34] ECDHE-ECDSA-AES128-SHA256 (3) eap_tls: (TLS) [35] ECDHE-RSA-AES128-SHA256 (3) eap_tls: (TLS) [36] DHE-RSA-AES128-SHA256 (3) eap_tls: (TLS) [37] DHE-DSS-AES128-SHA256 (3) eap_tls: (TLS) [38] ECDHE-ECDSA-CAMELLIA128-SHA256 (3) eap_tls: (TLS) [39] ECDHE-RSA-CAMELLIA128-SHA256 (3) eap_tls: (TLS) [40] DHE-RSA-CAMELLIA128-SHA256 (3) eap_tls: (TLS) [41] DHE-DSS-CAMELLIA128-SHA256 (3) eap_tls: (TLS) [42] ADH-AES128-SHA256 (3) eap_tls: (TLS) [43] ADH-CAMELLIA128-SHA256 (3) eap_tls: (TLS) [44] ECDHE-ECDSA-AES256-SHA (3) eap_tls: (TLS) [45] ECDHE-RSA-AES256-SHA (3) eap_tls: (TLS) [46] DHE-RSA-AES256-SHA (3) eap_tls: (TLS) [47] DHE-DSS-AES256-SHA (3) eap_tls: (TLS) [48] DHE-RSA-CAMELLIA256-SHA (3) eap_tls: (TLS) [49] DHE-DSS-CAMELLIA256-SHA (3) eap_tls: (TLS) [50] AECDH-AES256-SHA (3) eap_tls: (TLS) [51] ADH-AES256-SHA (3) eap_tls: (TLS) [52] ADH-CAMELLIA256-SHA (3) eap_tls: (TLS) [53] ECDHE-ECDSA-AES128-SHA (3) eap_tls: (TLS) [54] ECDHE-RSA-AES128-SHA (3) eap_tls: (TLS) [55] DHE-RSA-AES128-SHA (3) eap_tls: (TLS) [56] DHE-DSS-AES128-SHA (3) eap_tls: (TLS) [57] DHE-RSA-CAMELLIA128-SHA (3) eap_tls: (TLS) [58] DHE-DSS-CAMELLIA128-SHA (3) eap_tls: (TLS) [59] AECDH-AES128-SHA (3) eap_tls: (TLS) [60] ADH-AES128-SHA (3) eap_tls: (TLS) [61] ADH-CAMELLIA128-SHA (3) eap_tls: (TLS) [62] AES256-GCM-SHA384 (3) eap_tls: (TLS) [63] AES256-CCM (3) eap_tls: (TLS) [64] ARIA256-GCM-SHA384 (3) eap_tls: (TLS) [65] AES128-GCM-SHA256 (3) eap_tls: (TLS) [66] AES128-CCM (3) eap_tls: (TLS) [67] ARIA128-GCM-SHA256 (3) eap_tls: (TLS) [68] AES256-SHA256 (3) eap_tls: (TLS) [69] CAMELLIA256-SHA256 (3) eap_tls: (TLS) [70] AES128-SHA256 (3) eap_tls: (TLS) [71] CAMELLIA128-SHA256 (3) eap_tls: (TLS) [72] SRP-DSS-AES-256-CBC-SHA (3) eap_tls: (TLS) [73] SRP-RSA-AES-256-CBC-SHA (3) eap_tls: (TLS) [74] SRP-AES-256-CBC-SHA (3) eap_tls: (TLS) [75] AES256-SHA (3) eap_tls: (TLS) [76] CAMELLIA256-SHA (3) eap_tls: (TLS) [77] SRP-DSS-AES-128-CBC-SHA (3) eap_tls: (TLS) [78] SRP-RSA-AES-128-CBC-SHA (3) eap_tls: (TLS) [79] SRP-AES-128-CBC-SHA (3) eap_tls: (TLS) [80] AES128-SHA (3) eap_tls: (TLS) [81] CAMELLIA128-SHA (3) eap_tls: (TLS) TLS - Client preferred ciphers (by priority) (3) eap_tls: (TLS) [0] ECDHE-RSA-AES256-SHA (3) eap_tls: (TLS) [1] ECDHE-RSA-AES128-SHA (3) eap_tls: (TLS) [2] DHE-RSA-AES256-SHA (3) eap_tls: (TLS) [3] DHE-RSA-AES128-SHA (3) eap_tls: (TLS) [4] AES256-SHA (3) eap_tls: (TLS) [5] AES128-SHA (3) eap_tls: (TLS) [6] ECDHE-RSA-AES256-SHA384 (3) eap_tls: (TLS) [7] ECDHE-RSA-AES128-SHA256 (3) eap_tls: (TLS) [8] DHE-RSA-AES256-SHA256 (3) eap_tls: (TLS) [9] DHE-RSA-AES128-SHA256 (3) eap_tls: (TLS) [10] AES256-SHA256 (3) eap_tls: (TLS) [11] AES128-SHA256 (3) eap_tls: (TLS) [12] ECDHE-RSA-AES256-GCM-SHA384 (3) eap_tls: (TLS) [13] ECDHE-RSA-AES128-GCM-SHA256 (3) eap_tls: (TLS) [14] DHE-RSA-AES256-GCM-SHA384 (3) eap_tls: (TLS) [15] DHE-RSA-AES128-GCM-SHA256 (3) eap_tls: (TLS) [16] AES256-GCM-SHA384 (3) eap_tls: (TLS) [17] AES128-GCM-SHA256 ERROR: (3) eap_tls: (TLS) Failed reading from OpenSSL: ssl/statem/statem_srvr.c[2312]:error:0A0000C1:lib(20)::reason(193) ERROR: (3) eap_tls: (TLS) System call (I/O) error (-1) ERROR: (3) eap_tls: (TLS) EAP Receive handshake failed during operation ERROR: (3) eap_tls: [eaptls process] = fail ERROR: (3) eap: Failed continuing EAP TLS (13) session. EAP sub-module failed (3) eap: Sending EAP Failure (code 4) ID 1 length 4 (3) eap: Failed in EAP select (3) modsingle[authenticate]: returned from eap (rlm_eap) (3) [eap] = invalid (3) } # authenticate = invalid (3) Failed to authenticate the user (3) Using Post-Auth-Type Reject (3) Post-Auth-Type sub-section not found. Ignoring. (3) Login incorrect (eap_tls: (TLS) TLS - Alert write:fatal:handshake failure): [as] (from client ac port 29 cli 5a5b3135062e) (3) Delaying response for 5.000000 seconds Thread 2 waiting to be assigned a request Waking up in 4.6 seconds. (3) Sending delayed response (3) Sent Access-Reject Id 0 from 192.168.2.1:1812 to 192.168.2.2:44444 length 44 (3) EAP-Message = 0x04010004 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) Cleaning up request packet ID 0 with timestamp +131 due to done Ready to process requests