31 Mar
2010
31 Mar
'10
3:38 p.m.
Christian Pinedo Zamalloa wrote:
hello,
I have found some errors in my freeradius server logs. It seems that some clients are having problems to authenticate againts them. I'm using PEAP/MSCHAPv2 with the latest freeradius version and SUSE OS.
Mon Mar 29 14:20:56 2010 : Error: TLS Alert write:fatal:protocol version Mon Mar 29 14:20:56 2010 : Error: rlm_eap: SSL error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Mon Mar 29 14:20:56 2010 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.
The client is likely doing TLS v1.1, and the OpenSSL libraries don't support it. i.e. the client is *ignoring* TLS negotiation. They're broken. Tell the vendor to fix them. Alan DeKok.