Hello, after upgrading to 3.0.22 I can see many authentication problems with old devices (e.g. Android 4.4) Using EAP + MSCHAPv2. I configured tls_min_version to 1.0 and tls_max_version to 1.3. Debug log: (32) eap_peap: (TLS) EAP Got all data (198 bytes) (32) eap_peap: (TLS) Handshake state - before SSL initialization (0) (32) eap_peap: (TLS) Handshake state - Server before SSL initialization (0) (32) eap_peap: (TLS) Handshake state - Server before SSL initialization (0) (32) eap_peap: (TLS) recv TLS 1.3 Handshake, ClientHello (32) eap_peap: (TLS) send TLS 1.0 Alert, fatal protocol_version (32) eap_peap: ERROR: (TLS) Alert write:fatal:protocol version (32) eap_peap: ERROR: (TLS) Server : Error in error (32) eap_peap: ERROR: (TLS) Failed reading from OpenSSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (32) eap_peap: ERROR: (TLS) System call (I/O) error (-1) (32) eap_peap: ERROR: (TLS) EAP Receive handshake failed during operation freeradius -Xxv Mon May 31 12:00:32 2021 : Info: radiusd: FreeRADIUS Version 3.0.22 (git #7c658e1c0), for host x86_64-pc-linux-gnu Mon May 31 12:00:32 2021 : Debug: Server was built with: Mon May 31 12:00:32 2021 : Debug: accounting : yes Mon May 31 12:00:32 2021 : Debug: authentication : yes Mon May 31 12:00:32 2021 : Debug: ascend-binary-attributes : yes Mon May 31 12:00:32 2021 : Debug: coa : yes Mon May 31 12:00:32 2021 : Debug: control-socket : yes Mon May 31 12:00:32 2021 : Debug: detail : yes Mon May 31 12:00:32 2021 : Debug: dhcp : yes Mon May 31 12:00:32 2021 : Debug: dynamic-clients : yes Mon May 31 12:00:32 2021 : Debug: osfc2 : no Mon May 31 12:00:32 2021 : Debug: proxy : yes Mon May 31 12:00:32 2021 : Debug: regex-pcre : no Mon May 31 12:00:32 2021 : Debug: regex-posix : yes Mon May 31 12:00:32 2021 : Debug: regex-posix-extended : yes Mon May 31 12:00:32 2021 : Debug: session-management : yes Mon May 31 12:00:32 2021 : Debug: stats : yes Mon May 31 12:00:32 2021 : Debug: systemd : yes Mon May 31 12:00:32 2021 : Debug: tcp : yes Mon May 31 12:00:32 2021 : Debug: threads : yes Mon May 31 12:00:32 2021 : Debug: tls : yes Mon May 31 12:00:32 2021 : Debug: unlang : yes Mon May 31 12:00:32 2021 : Debug: vmps : yes Mon May 31 12:00:32 2021 : Debug: developer : no Mon May 31 12:00:32 2021 : Debug: Server core libs: Mon May 31 12:00:32 2021 : Debug: freeradius-server : 3.0.22 Mon May 31 12:00:32 2021 : Debug: talloc : 2.1.* Mon May 31 12:00:32 2021 : Debug: ssl : 1.1.1d release openssl ciphers -s -v -tls1 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 openssl ciphers -s -v -tls1_2 ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 openssl ciphers -s -v -tls1_3 TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
On May 31, 2021, at 6:15 AM, HERCEK, Marián <marian.hercek@ucm.sk> wrote:
after upgrading to 3.0.22 I can see many authentication problems with old devices (e.g. Android 4.4)
Those devices don't support TLS 1.3. They might *ask for* TLS 1.3, but they won't *implement* it properly.
Using EAP + MSCHAPv2.
If you read the debug output, you'll see that PEAP doesn't support 1.3, either. This is because (for now), we only support TLS 1.3 for EAP-TLS. The reasons why are complex.
I configured tls_min_version to 1.0 and tls_max_version to 1.3.
Use tls_max_version = "1.3" Alan DeKok.
Hello, 1) it's very unlikely Android 4.4 supports TLS 1.3 2) recv TLS 1.3 Handshake, ClientHello - does it belong to client (Android 4.4) or NAS (e.g. WiFi AP)? 3) you mean I have to configure just tls_max_version and not tls_min_version? Thanks. MH -----Pôvodná správa----- Od: Freeradius-Users <freeradius-users-bounces+marian.hercek=ucm.sk@lists.freeradius.org> V mene používateľa Alan DeKok Odoslané: pondelok 31. mája 2021 13:39 Komu: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Predmet: [EXT] Re: TLS 1.3 On May 31, 2021, at 6:15 AM, HERCEK, Marián <marian.hercek@ucm.sk> wrote:
after upgrading to 3.0.22 I can see many authentication problems with old devices (e.g. Android 4.4)
Those devices don't support TLS 1.3. They might *ask for* TLS 1.3, but they won't *implement* it properly.
Using EAP + MSCHAPv2.
If you read the debug output, you'll see that PEAP doesn't support 1.3, either. This is because (for now), we only support TLS 1.3 for EAP-TLS. The reasons why are complex.
I configured tls_min_version to “1.0” and tls_max_version to “1.3”.
Use tls_max_version = "1.3" Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On May 31, 2021, at 7:54 AM, HERCEK, Marián <marian.hercek@ucm.sk> wrote:
1) it's very unlikely Android 4.4 supports TLS 1.3
For HTTPS. Not for EAP. I *do* have some slight understanding of what's going on. What I find frustrating is people asking questions, and then arguing with the answers.
2) recv TLS 1.3 Handshake, ClientHello - does it belong to client (Android 4.4) or NAS (e.g. WiFi AP)?
The WiFi AP doesn't do EAP. So....
3) you mean I have to configure just tls_max_version and not tls_min_version?
Yes. 3.0.22 comes with the following defaults: tls_min_version = "1.2" tls_max_version = "1.2" Use that. Alan DeKok.
Good luck on that. For Android 4.4: it may be compatible with TLS 1.1 and TLS 1.2 but some devices with Android 4.4.x may not support TLS 1.1 or higher. Beware that your not hunting ghosts..
-----Oorspronkelijk bericht----- Van: Freeradius-Users [mailto:freeradius-users-bounces+belle=bazuin.nl@lists.freerad ius.org] Namens Alan DeKok Verzonden: maandag 31 mei 2021 14:09 Aan: FreeRadius users mailing list Onderwerp: Re: [EXT] TLS 1.3
On May 31, 2021, at 7:54 AM, HERCEK, Marián <marian.hercek@ucm.sk> wrote:
1) it's very unlikely Android 4.4 supports TLS 1.3
For HTTPS. Not for EAP.
I *do* have some slight understanding of what's going on. What I find frustrating is people asking questions, and then arguing with the answers.
2) recv TLS 1.3 Handshake, ClientHello - does it belong to client (Android 4.4) or NAS (e.g. WiFi AP)?
The WiFi AP doesn't do EAP. So....
3) you mean I have to configure just tls_max_version and not tls_min_version?
Yes.
3.0.22 comes with the following defaults:
tls_min_version = "1.2" tls_max_version = "1.2"
Use that.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On May 31, 2021, at 8:10 AM, L.P.H. van Belle via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
For Android 4.4: it may be compatible with TLS 1.1 and TLS 1.2 but some devices with Android 4.4.x may not support TLS 1.1 or higher.
Yup. Which is why we changed the default configuration, but didn't forbid the use of TLS 1.0 and TLS 1.1 in the code. RFC 8996 officially deprecates TLS 1.0 and 1.1. Which means we'll likely be using them for another 5 years. :( Alan DeKok.
I had to downgrade to 3.0.21 where old devices work. I've tried config from 3.0.21 with 3.0.22 binary - didn't work. I've tried config shipped with 3.0.22 binary - didn't work. I've tried numerous config changes suggested on internet and here - didn't work. I've tried 3.0.21 binary with backuped 3.0.21 config - it works. -----Pôvodná správa----- Od: Freeradius-Users <freeradius-users-bounces+marian.hercek=ucm.sk@lists.freeradius.org> V mene používateľa Alan DeKok Odoslané: pondelok 31. mája 2021 14:16 Komu: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Predmet: Re: [EXT] TLS 1.3 On May 31, 2021, at 8:10 AM, L.P.H. van Belle via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
For Android 4.4: it may be compatible with TLS 1.1 and TLS 1.2 but some devices with Android 4.4.x may not support TLS 1.1 or higher.
Yup. Which is why we changed the default configuration, but didn't forbid the use of TLS 1.0 and TLS 1.1 in the code. RFC 8996 officially deprecates TLS 1.0 and 1.1. Which means we'll likely be using them for another 5 years. :( Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Jun 4, 2021, at 5:40 AM, HERCEK, Marián <marian.hercek@ucm.sk> wrote:
I had to downgrade to 3.0.21 where old devices work.
I've tried config from 3.0.21 with 3.0.22 binary - didn't work.
What does that mean? Is there debug output you can share?
I've tried config shipped with 3.0.22 binary - didn't work. I've tried numerous config changes suggested on internet and here - didn't work.
I've tried 3.0.21 binary with backuped 3.0.21 config - it works.
"I did stuff and it doesn't work, you guys fix it". Well, we don't know how to fix things if we don't know what's wrong. I don't have enough money or time to buy and test all possible equipment. The project relies on feedback and help from the community. Alan DeKok.
On 04/06/2021 10:40, HERCEK, Marián wrote:
I had to downgrade to 3.0.21 where old devices work.
I've tried config from 3.0.21 with 3.0.22 binary - didn't work. I've tried config shipped with 3.0.22 binary - didn't work. I've tried numerous config changes suggested on internet and here - didn't work.
I've tried 3.0.21 binary with backuped 3.0.21 config - it works.
I've tested this. In raddb/mods-enabled/eap "tls-config tls-common" section, set: tls_min_version = 1.0 tls_max_version = 1.2 cipher_list = "DEFAULT@SECLEVEL=1" Then it works. -- Matthew
participants (4)
-
Alan DeKok -
HERCEK, Marián -
L.P.H. van Belle -
Matthew Newton