Dear freeradius-users, after googling, reading and debugging for about 3 days now, maybe the community is able to help: Since moving our radius to ubuntu 20.0.4 some of our users are not able to authenticate using peap. The error message in radius.log is kind of Mon Jun 28 16:02:17 2021 : ERROR: (370) eap_peap: ERROR: TLS Alert write:fatal:protocol version Mon Jun 28 16:02:17 2021 : Error: tls: TLS_accept: Error in error Mon Jun 28 16:02:17 2021 : Auth: (370) Login incorrect (eap_peap: TLS Alert write:fatal:protocol version): [eduroam@uni-koblenz.de] (from client Unifi AccessPoints port 0 cli ... Most of these client seem to be very old (macOS El Capitan, iOS 10.x) but not all of them. My suggestion is, that these clients try to use TLS 1.0. So I excerpted a debug log with freeradius -X (attached). Indeed I can see (197) eap_peap: <<< recv TLS 1.3 [length 0062] (197) eap_peap: >>> send TLS 1.0 Alert [length 0002], fatal protocol_version So I changed the following lines in mods-enables/eap: # disable_tlsv1_2 = no # disable_tlsv1_1 = yes # disable_tlsv1 = yes tls_min_version = "1.0" tls_max_version = "1.2" Restarted radius, but no change at all. Any help is greatly appreciated! Thanks in advance! -- Kind regards Christoph _________________________________________ Uni Koblenz, Computing Centre, Office A 022 Postfach 201602, 56016 Koblenz Fon: +49 261 287-1311, Fax: -100 1311