To be fair, we have FreeRADIUS deployed on RHEL6, using the RedHat-supplied packages. So far, we've been happy with the stability this provides, but realize that FreeRADIUS 2.2.6 is way outdated.
Yup. You should upgrade to 2.2.10 at least. It also has fixes for TLS 1.2. :)
For anyone having this problem ... upgrading to FreeRADIUS 3.0.17, and to openssl 1.0.2p appears to have solved the problem. Moving to FR3 is long overdue. It will require some reconfigurations on my part, which will surely prompt more questions. Thanks for the advice so far. Norman On Tue, Aug 14, 2018 at 10:39 AM Alan DeKok <aland@deployingradius.com> wrote:
On Aug 14, 2018, at 10:34 AM, Norman Elton <normelton@gmail.com> wrote:
Deploying EAP-TLS, I've got the CA and certificate configured on the server, and the client-side certificate on the client. But I'm getting a "Unknown TLS version [length 0002]" message. Debug output below.
You're running v2. I would suggest upgrading.
Is the "[length 0002]" referring to only have two bytes to parse? Is some of the transaction getting lost someplace?
I'm not sure. It's a TLS issue.
To be fair, we have FreeRADIUS deployed on RHEL6, using the RedHat-supplied packages. So far, we've been happy with the stability this provides, but realize that FreeRADIUS 2.2.6 is way outdated.
Yup. You should upgrade to 2.2.10 at least. It also has fixes for TLS 1.2. :)
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html