hi, I have set up on our freeradius server EAP-TLS with a user certificate. I put together the user certificate + key + CA server in a .p12 file. At first on android, windows 10 and 11 it is working. My problem is with windows 7. *The freeradius log shows this:* Mon Mar 7 10:40:38 2022 : Debug: (46) eap_tls: (TLS) recv TLS 1.3 Handshake, ClientHello Mon Mar 7 10:40:38 2022 : Debug: (TLS) Ignoring cbtls_msg call with pseudo content type 256, version 0 Mon Mar 7 10:40:38 2022 : Debug: (TLS) Received 2 bytes of TLS data Mon Mar 7 10:40:38 2022 : Debug: (TLS) 02 46 Mon Mar 7 10:40:38 2022 : Debug: (46) eap_tls: (TLS) send TLS 1.0 Alert, fatal protocol_version Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Alert write:fatal:protocol version Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Server : Error in error Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Failed reading from OpenSSL: ../ssl/statem/statem_srvr.c[1661]:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) System call (I/O) error (-1) Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) EAP Receive handshake failed during operation Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: [eaptls process] = fail Mon Mar 7 10:40:38 2022 : ERROR: (46) eap: Failed continuing EAP TLS (13) session. EAP sub-module failed Mon Mar 7 10:40:38 2022 : Debug: (46) eap: Sending EAP Failure (code 4) ID 82 length 4 Mon Mar 7 10:40:38 2022 : Debug: (46) eap: Failed in EAP select Mon Mar 7 10:40:38 2022 : Debug: (46) modsingle[authenticate]: returned from eap (rlm_eap) Mon Mar 7 10:40:38 2022 : Debug: (46) [eap] = invalid Mon Mar 7 10:40:38 2022 : Debug: (46) } # authenticate = invalid Mon Mar 7 10:40:38 2022 : Debug: (46) Failed to authenticate the user In windows 7 client I looked for some information in the event viewer, but found nothing. Anyone else using this method, is having this problem? -- Elias Pereira
Try setting cipher_list = "DEFAULT@SECLEVEL=1" tls_min_version = "1.0" tls_max_version = "1.2" in eap module configuration Regards, Jochem IOLAN B.V. • Mon Plaisir 26 • 4879 AN Etten-Leur • The Netherlands T +31 (0)76 50 26 100 • F +31 (0)76 50 26 199 E iolan@iolan.com • I http://www.iolan.com/ De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents here in and notify the sender immediately by return e-mail. -----Oorspronkelijk bericht----- Van: Freeradius-Users [mailto:freeradius-users-bounces+j.sparla=iolan.com@lists.freeradius.org] Namens Elias Pereira Verzonden: maandag 7 maart 2022 15:29 Aan: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Onderwerp: EAP-TLS not working with windows 7 hi, I have set up on our freeradius server EAP-TLS with a user certificate. I put together the user certificate + key + CA server in a .p12 file. At first on android, windows 10 and 11 it is working. My problem is with windows 7. *The freeradius log shows this:* Mon Mar 7 10:40:38 2022 : Debug: (46) eap_tls: (TLS) recv TLS 1.3 Handshake, ClientHello Mon Mar 7 10:40:38 2022 : Debug: (TLS) Ignoring cbtls_msg call with pseudo content type 256, version 0 Mon Mar 7 10:40:38 2022 : Debug: (TLS) Received 2 bytes of TLS data Mon Mar 7 10:40:38 2022 : Debug: (TLS) 02 46 Mon Mar 7 10:40:38 2022 : Debug: (46) eap_tls: (TLS) send TLS 1.0 Alert, fatal protocol_version Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Alert write:fatal:protocol version Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Server : Error in error Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Failed reading from OpenSSL: ../ssl/statem/statem_srvr.c[1661]:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) System call (I/O) error (-1) Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) EAP Receive handshake failed during operation Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: [eaptls process] = fail Mon Mar 7 10:40:38 2022 : ERROR: (46) eap: Failed continuing EAP TLS (13) session. EAP sub-module failed Mon Mar 7 10:40:38 2022 : Debug: (46) eap: Sending EAP Failure (code 4) ID 82 length 4 Mon Mar 7 10:40:38 2022 : Debug: (46) eap: Failed in EAP select Mon Mar 7 10:40:38 2022 : Debug: (46) modsingle[authenticate]: returned from eap (rlm_eap) Mon Mar 7 10:40:38 2022 : Debug: (46) [eap] = invalid Mon Mar 7 10:40:38 2022 : Debug: (46) } # authenticate = invalid Mon Mar 7 10:40:38 2022 : Debug: (46) Failed to authenticate the user In windows 7 client I looked for some information in the event viewer, but found nothing. Anyone else using this method, is having this problem? -- Elias Pereira - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Mon Mar 7 10:40:38 2022 : Debug: (46) eap_tls: (TLS) send TLS 1.0 Alert, fatal protocol_version Mon Mar 7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Alert write:fatal:protocol version
your clients are not using the TLS version which you've configured. I cannot say which are active without the full debug output, but it's properly that the only enabled TLS version is 1.2. On Win7 you'll have to enable that manually. Regards, Lineconnect
participants (3)
-
Elias Pereira -
Jochem Sparla -
Nabble