On Jan 5, 2016, at 12:53 PM, Franks Andy (IT Technical Architecture Manager) <Andy.Franks@sath.nhs.uk> wrote:
Hi all, I've a problem with FR3.1.0 git#f4d5ff6. This is on our test "wireless" radius server, and I'm looking to commission the configuration onto more production systems once it's certified. Basically the only changes are a newer version of FR, and some tidying of the config. The older version is git #390f216. When sending the same clients to both, very often the newer one complains with this issue and rejects the user:
(85) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (85) Auth-Type eap { (85) eap: Peer sent packet with method EAP TLS (13) (85) eap: Calling submodule eap_tls to process data (85) eap_tls: Continuing EAP-TLS (85) eap_tls: Peer indicated complete TLS record size will be 131 bytes (85) eap_tls: Got complete TLS record, with length (131 bytes) (85) eap_tls: [eap-tls verify] = ok (85) eap_tls: before/accept initialization (85) eap_tls: TLS Accept: before/accept initialization (85) eap_tls: <<< recv handshake [length 126], client_hello tls: TLS Accept: Error in SSLv3 read client hello C tls: TLS Accept: Error in SSLv3 read client hello C (85) eap_tls: ERROR: TLS says: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized (85) eap_tls: ERROR: TLS_read failed in a system call (-1), TLS session failed (85) eap_tls: ERROR: TLS receive handshake failed during operation (85) eap_tls: ERROR: [eap-tls process] = fail (85) eap: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module failed (85) eap: Sending EAP Failure (code 4) ID 45 length 4 (85) eap: Failed in EAP select
The confusing thing is it's not consistent - sometimes it will be ok, I've not yet worked out the pattern:
Do you have session resumption enabled? Could be an issue with that. -Arran