TLS 1.3 for PEAP?
The only case I know of where a client has attempted to negotiate TLS 1.3 (for peap) is an Ubuntu 18.04 client running OpenSSL 1.1.1 and it fails during TLS negotiation with our FreeRADIUS server which is v3.0.17 on RHEL 7.6 with OpenSSL 1.1.1c. Do we know with any certainty whether this is a problem with OpenSSL, FreeRADIUS or something else with the peers? I can resolve the problem by setting “tls_max_version = ‘1.2’” but would like to see the negotiation for 1.3 succeed. The failure is early, in the request immediately following the EAP Identity. Here is the relevant debug info. (126) fsu-eap: Calling submodule eap_peap to process data (126) eap_peap: Continuing EAP-TLS (126) eap_peap: Peer sent flags --L (126) eap_peap: Peer indicated complete TLS record size will be 289 bytes (126) eap_peap: Got complete TLS record (289 bytes) (126) eap_peap: [eaptls verify] = length included (126) eap_peap: (other): before SSL initialization (126) eap_peap: TLS_accept: before SSL initialization Ignoring cbtls_msg call with pseudo content type 256, version 0 (126) eap_peap: TLS_accept: before SSL initialization (126) eap_peap: <<< recv TLS 1.3 [length 011c] (126) eap_peap: TLS_accept: SSLv3/TLS read client hello Ignoring cbtls_msg call with pseudo content type 256, version 0 (126) eap_peap: >>> send TLS 1.3 [length 0058] (126) eap_peap: TLS_accept: SSLv3/TLS write server hello Ignoring cbtls_msg call with pseudo content type 256, version 0 (126) eap_peap: >>> send TLS 1.3 [length 0001] (126) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec (126) eap_peap: TLS_accept: TLSv1.3 early data (126) eap_peap: TLS_accept: Need to read more data: TLSv1.3 early data (126) eap_peap: TLS - In Handshake Phase (126) eap_peap: TLS - Failed getting session (126) eap_peap: TLS receive handshake failed during operation (126) eap_peap: [eaptls process] = fail (126) fsu-eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed (126) fsu-eap: Sending EAP Failure (code 4) ID 2 length 4 (126) fsu-eap: Failed in EAP select (126) modsingle[authenticate]: returned from fsu-eap (rlm_eap) (126) [fsu-eap] = invalid (126) } # Auth-Type fsu-eap = invalid (126) Failed to authenticate the user (126) Using Post-Auth-Type Reject Doug Wussler Florida State University
The only case I know of where a client has attempted to negotiate TLS 1.3 (for peap) is an Ubuntu 18.04 client running OpenSSL 1.1.1 and it fails during TLS negotiation with our FreeRADIUS server which is v3.0.17 on RHEL 7.6 with OpenSSL 1.1.1c.
Do we know with any certainty whether this is a problem with OpenSSL, FreeRADIUS or something else with the peers? I can resolve the problem by setting “tls_max_version = ‘1.2’” but would like to see the negotiation for 1.3 succeed. I recommend you to use the latest release 3.0.19, as there are a number of TLS 1.3 issues that were fixed.
Best regards, Alejandro Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
On Jul 9, 2019, at 3:57 PM, Doug Wussler <doug.wussler@fsu.edu> wrote:
The only case I know of where a client has attempted to negotiate TLS 1.3 (for peap) is an Ubuntu 18.04 client running OpenSSL 1.1.1 and it fails during TLS negotiation with our FreeRADIUS server which is v3.0.17 on RHEL 7.6 with OpenSSL 1.1.1c.
Do we know with any certainty whether this is a problem with OpenSSL, FreeRADIUS or something else with the peers? I can resolve the problem by setting “tls_max_version = ‘1.2’” but would like to see the negotiation for 1.3 succeed.
No, you don't want that. It's simple. EAP-TLS hasn't been standardized for TLS 1.3. PEAP hasn't been standardized for TLS 1.3. You can't just say "1.3 is greater than 1.2, so we'll all upgrade to 1.3". Using TLS 1.3 is a *lot* more complex than that. It looks like the standards will be published "soon". i.e. within a year. The standards should be supported by both FreeRADIUS and wpa_supplicant. It's likely that other operating systems will take much longer to support TLS 1.3 and EAP. Alan DeKok.
participants (3)
-
Alan DeKok -
Alex Perez -
Doug Wussler