TLS problem after upgrade to 3.0.23
dear savers ... I have a server that run 3.0.21 I do apt-get upgrade by mistake and discover it update the freeradius to 3.0.23-2 now I'm in this stiuation all the the time (0) (TLS) Initiating new session (0) (TLS) Setting verify mode to require certificate from client (0) (TLS) Handshake state - before SSL initialization (0) (TLS) Handshake state - Server before SSL initialization (0) (TLS) Handshake state - Server before SSL initialization (0) (TLS) recv TLS 1.3 Handshake, ClientHello (0) (TLS) Handshake state - Server SSLv3/TLS read client hello (0) (TLS) send TLS 1.2 Handshake, ServerHello (0) (TLS) Handshake state - Server SSLv3/TLS write server hello (0) (TLS) send TLS 1.2 Handshake, Certificate (0) (TLS) Handshake state - Server SSLv3/TLS write certificate (0) (TLS) send TLS 1.2 Handshake, ServerKeyExchange (0) (TLS) Handshake state - Server SSLv3/TLS write key exchange (0) (TLS) send TLS 1.2 Handshake, CertificateRequest (0) (TLS) Handshake state - Server SSLv3/TLS write certificate request (0) (TLS) send TLS 1.2 Handshake, ServerHelloDone (0) (TLS) Handshake state - Server SSLv3/TLS write server done (0) (TLS) Server : Need to read more data: SSLv3/TLS write server done (0) (TLS) In Handshake Phase ... cleaning up socket auth+acct from client (45.247.114.183, 51231) -> (*, 2083, virtual-server=default) (0) (TLS) Server : Need to read more data: SSLv3/TLS write server done (0) (TLS) In Handshake Phase (0) (TLS) Application data. (0) FAILED in TLS handshake receive even I used the same config it's keep refuse to handshake what is the solution for that
On 27/07/2021 06:08, mohamed almeshal wrote:
I have a server that run 3.0.21 I do apt-get upgrade by mistake and discover it update the freeradius to 3.0.23-2 now I'm in this stiuation all the the time
(0) (TLS) Initiating new session (0) (TLS) Setting verify mode to require certificate from client (0) (TLS) Handshake state - before SSL initialization (0) (TLS) Handshake state - Server before SSL initialization (0) (TLS) Handshake state - Server before SSL initialization (0) (TLS) recv TLS 1.3 Handshake, ClientHello (0) (TLS) Handshake state - Server SSLv3/TLS read client hello (0) (TLS) send TLS 1.2 Handshake, ServerHello (0) (TLS) Handshake state - Server SSLv3/TLS write server hello ...
even I used the same config it's keep refuse to handshake what is the solution for that
You've not sent most of the debug output, so this answer is a vague guess, but check your TLS version config, and especially the cipher_list. https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-avail... -- Matthew
On Jul 27, 2021, at 1:08 AM, mohamed almeshal <mohammed.almeshal@hotmail.com> wrote:
I have a server that run 3.0.21 I do apt-get upgrade by mistake and discover it update the freeradius to 3.0.23-2 now I'm in this stiuation all the the time ... even I used the same config it's keep refuse to handshake what is the solution for that
We don't know. You've "helpfully" given as little information as possible. What RadSec client are you using? Alan Dekok.
participants (3)
-
Alan DeKok -
Matthew Newton -
mohamed almeshal