EAP - TLS 1.2 Support
Hi Wondering if FreeRadius supports EAP TLS 1.2 authentication; our understanding is, if we have the OpenSSL version that supports the TLS 1.2 ciphers and FreeRadius EAP module is configured with the TLS 1.2 cipher, it should support. ISSUE: ===== Modem fails to do EAP TLS 1.2 authentication. Same modem successfully authenticates if it sends the SSL protocol of TLS 1.0 Want to make sure our FreeRadius configuration for EAP TLS 1.2 is correct. FreeRadius Version Details: ==================== Sat Jan 18 20:02:05 2014 : Info: radiusd: FreeRADIUS Version 3.0.0, for host x86_64-redhat-linux-gnu, built on Nov 19 2013 at 13:23:31 Sat Jan 18 20:02:05 2014 : Debug: Server was built with: Sat Jan 18 20:02:05 2014 : Debug: accounting Sat Jan 18 20:02:05 2014 : Debug: authentication Sat Jan 18 20:02:05 2014 : Debug: ascend binary attributes Sat Jan 18 20:02:05 2014 : Debug: coa Sat Jan 18 20:02:05 2014 : Debug: control-socket Sat Jan 18 20:02:05 2014 : Debug: detail Sat Jan 18 20:02:05 2014 : Debug: dhcp Sat Jan 18 20:02:05 2014 : Debug: dynamic clients Sat Jan 18 20:02:05 2014 : Debug: proxy Sat Jan 18 20:02:05 2014 : Debug: regex-pcre Sat Jan 18 20:02:05 2014 : Debug: session-management Sat Jan 18 20:02:05 2014 : Debug: stats Sat Jan 18 20:02:05 2014 : Debug: tcp Sat Jan 18 20:02:05 2014 : Debug: threads Sat Jan 18 20:02:05 2014 : Debug: tls Sat Jan 18 20:02:05 2014 : Debug: unlang Sat Jan 18 20:02:05 2014 : Debug: vmps Sat Jan 18 20:02:05 2014 : Debug: Server core libs: Sat Jan 18 20:02:05 2014 : Debug: talloc : 2.0.* Sat Jan 18 20:02:05 2014 : Debug: ssl : OpenSSL 1.0.0-fips 29 Mar 2010 SSL Version Details ============== OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL ciphers: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-IDEA-CBC-MD5:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:KRB5-DES-CBC-SHA:KRB5-DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5 CONFIGURATION: ============== Sorry if we missed any additional documentation, for EAP TLS 1.2 authentication, we updated our eap configuration cipher: cipher_list = "AES256-SHA256" When the modem sends the protocol as TLS 1.0 - it authenticates successfully with the cipher_list "AES256-SHA256:AES128-SHA" or cipher_list set to "DEFAULT"; But, when modem sends the protocol as TLS 2.0; the authentication fails in EAP module, with following error: ERROR from radius log ================= With cipher set to (AES256-SHA256), we see following error in the log: (3) eap : EAP TLS (13) (3) eap : Calling eap_tls to process EAP data (3) eap_tls : Authenticate (3) eap_tls : processing EAP-TLS TLS Length 50 (3) eap_tls : Length Included (3) eap_tls : eaptls_verify returned 11 (3) eap_tls : (other): before/accept initialization (3) eap_tls : TLS_accept: before/accept initialization (3) eap_tls : <<< TLS 1.0 Handshake [length 002d], ClientHello (3) eap_tls : >>> TLS 1.0 Alert [length 0002], fatal handshake_failure [1m[31m(3) ERROR: eap_tls : SSL says: TLS Alert write:fatal:handshake failure[0m [1m[31m(3) ERROR: eap_tls : SSL says: TLS_accept: error in SSLv3 read client hello C[0m [1m[31m(3) ERROR: eap_tls : SSL says: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher[0m [31mSSL: SSL_read failed in a system call (-1), TLS session fails.[0m TLS receive handshake failed during operation (3) eap_tls : eaptls_process returned 4 [1m[31m(3) ERROR: eap : Failed continuing EAP TLS (13) session. EAP sub-module failed[0m (3) eap : Failed in EAP select (3) [eap] = invalid (3) } # Auth-Type eap = invalid (3) Failed to authenticate the user. Attached is the complete log with -X option. Access-Request - Packet Capture Detail - EAP Message: ========================================== Here is the Access-Request packet capture from modem showing the SSL protocol as TLS 1.2, along with the Cipher's being sent (0x003d - AES256-SHA256, and 0x002f - AES128-SHA) AVP: l=64 t=EAP-Message(79) Last Segment[1] EAP fragment Extensible Authentication Protocol Code: Response (2) Id: 1 Length: 62 Type: TLS EAP (EAP-TLS) (13) EAP-TLS Flags: 0x80 1... .... = Length Included: True .0.. .... = More Fragments: False ..0. .... = Start: False EAP-TLS Length: 52 Secure Sockets Layer SSL Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 47 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 43 Version: TLS 1.2 (0x0303) Random gmt_unix_time: Jan 17, 2014 10:28:34.000000000 Pacific Standard Time random_bytes: 5aece723603b9f8864bfd0c80e592377f01f0b4cc787511d... Session ID Length: 0 Cipher Suites Length: 4 Cipher Suites (2 suites) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Please let us know if you need any additional information. Thanks -Hanu
Cholleti, Hanumantha wrote:
Wondering if FreeRadius supports EAP TLS 1.2 authentication; our understanding is, if we have the OpenSSL version that supports the TLS 1.2 ciphers and FreeRadius EAP module is configured with the TLS 1.2 cipher, it should support.
FreeRADIUS uses OpenSSL for TLS. So any TLS version requirements are requirements on OpenSSL.
Sorry if we missed any additional documentation, for EAP TLS 1.2 authentication, we updated our eap configuration cipher: cipher_list = "AES256-SHA256"
You should have more ciphers than that. Why break the default configuration?
(3) ERROR: eap_tls : SSL says: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
That's pretty definitive. You need to configure a shared cipher.
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Note that those are *not* the cipher you configured above. They have to be *identical*, so far is I know. Why not use use the default cipher list? Have you even tried? It should work. Alan DeKok.
Hi, the primary issue is the cipher list mismatch, as Alan noted. But you should also pay attention here:
Sat Jan 18 20:02:05 2014 : Debug: ssl : OpenSSL 1.0.0-fips 29 Mar 2010
SSL Version Details ============== OpenSSL 1.0.1e-fips 11 Feb 2013
Your OpenSSL library version is not what you think it is.
CONFIGURATION: ============== Sorry if we missed any additional documentation, for EAP TLS 1.2 authentication, we updated our eap configuration cipher: cipher_list = "AES256-SHA256"
Ciphers and TLS versions are only very mildly coupled. Butchering the cipher list is not a very healthy approach.
When the modem sends the protocol as TLS 1.0 - it authenticates successfully with the cipher_list "AES256-SHA256:AES128-SHA" or cipher_list set to "DEFAULT";
Good. Then set cipher_list to "DEFAULT". Or if you want only "good" ciphers try something along the lines of "ALL:!MEDIUM:!LOW" to exclude weak and medium-strength ciphers. There's plenty of good documentation on the use of ciphers for Apache Ask Google and inspire yourself.
But, when modem sends the protocol as TLS 2.0; the authentication fails in EAP module, with following error:
There is no TLS 2.0. Greetings, Stefan Winter
Thank you Alan and Stefan for the quick response...
Why not use the default cipher list? Have you even tried? It should work. Alan, tried with the "DEFAULT" cipher_list and get the same error (attached is the complete debug log with -X option): (1) eap : EAP TLS (13) (1) eap : Calling eap_tls to process EAP data (1) eap_tls : Authenticate (1) eap_tls : processing EAP-TLS TLS Length 50 (1) eap_tls : Length Included (1) eap_tls : eaptls_verify returned 11 (1) eap_tls : (other): before/accept initialization (1) eap_tls : TLS_accept: before/accept initialization (1) eap_tls : <<< TLS 1.0 Handshake [length 002d], ClientHello (1) eap_tls : >>> TLS 1.0 Alert [length 0002], fatal handshake_failure [1m [31m(1) ERROR: eap_tls : SSL says: TLS Alert write:fatal:handshake failure [0m [1m [31m(1) ERROR: eap_tls : SSL says: TLS_accept: error in SSLv3 read client hello C [0m [1m [31m(1) ERROR: eap_tls : SSL says: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher [0m [31mSSL: SSL_read failed in a system call (-1), TLS session fails. [0m TLS receive handshake failed during operation (1) eap_tls : eaptls_process returned 4 [1m [31m(1) ERROR: eap : Failed continuing EAP TLS (13) session. EAP sub-module failed [0m (1) eap : Failed in EAP select (1) [eap] = invalid (1) } # Auth-Type eap = invalid (1) Failed to authenticate the user.
Your OpenSSL library version is not what you think it is. Stefan, we thought the same, what OpenSSL version command shows as "OpenSSL 1.0.1e-fips 11 Feb 2013" vs what FreeRadius version shows as "OpenSSL 1.0.0-fips 29 Mar 2010"
The FreeRadius RPM we deployed was based on older version of OpenSSL, so we thought by upgrading the OpenSSL it could use the newer version. Do we have to rebuild the FreeRadius RPM using the " OpenSSL 1.0.1e-fips 11 Feb 2013" version. The reason we thought upgrading the OpenSSL is good enough is; before we upgraded OpenSSL and in the EAPcipher_list if we used " AES256-SHA256", FreeRadius failed to start with the error of invalid cipher list. After we upgraded the OpenSSL, FreeRadius started successfully. With this we assumed that OpenAM is using upgraded OpenSSL.
There is no TLS 2.0. Stefan, sorry that was a typo on my part, meant TLS 1.2 - when modem sends the protocol as TLS 1.2; the authentication fails in EAP module, with above error. If the modem sends protocol as TLS 1.0, authentication is successful.
Thanks -Hanu
Sorry - there is a typo in the below email - I meant FreeRadius and not OpenAM below: The reason we thought upgrading the OpenSSL is good enough is; before we upgraded OpenSSL and in the EAPcipher_list if we used " AES256-SHA256", FreeRadius failed to start with the error of invalid cipher list. After we upgraded the OpenSSL, FreeRadius started successfully. With this we assumed that FreeRadius is using upgraded OpenSSL. Thanks -Hanu -----Original Message----- From: freeradius-users-bounces+hanumantha.cholleti=viasat.com@lists.freeradius.org [mailto:freeradius-users-bounces+hanumantha.cholleti=viasat.com@lists.freeradius.org] On Behalf Of Cholleti, Hanumantha Sent: Sunday, January 19, 2014 2:14 PM To: FreeRadius users mailing list Subject: RE: EAP - TLS 1.2 Support Thank you Alan and Stefan for the quick response...
Why not use the default cipher list? Have you even tried? It should work. Alan, tried with the "DEFAULT" cipher_list and get the same error (attached is the complete debug log with -X option): (1) eap : EAP TLS (13) (1) eap : Calling eap_tls to process EAP data (1) eap_tls : Authenticate (1) eap_tls : processing EAP-TLS TLS Length 50 (1) eap_tls : Length Included (1) eap_tls : eaptls_verify returned 11 (1) eap_tls : (other): before/accept initialization (1) eap_tls : TLS_accept: before/accept initialization (1) eap_tls : <<< TLS 1.0 Handshake [length 002d], ClientHello (1) eap_tls : >>> TLS 1.0 Alert [length 0002], fatal handshake_failure [1m [31m(1) ERROR: eap_tls : SSL says: TLS Alert write:fatal:handshake failure [0m [1m [31m(1) ERROR: eap_tls : SSL says: TLS_accept: error in SSLv3 read client hello C [0m [1m [31m(1) ERROR: eap_tls : SSL says: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher [0m [31mSSL: SSL_read failed in a system call (-1), TLS session fails. [0m TLS receive handshake failed during operation (1) eap_tls : eaptls_process returned 4 [1m [31m(1) ERROR: eap : Failed continuing EAP TLS (13) session. EAP sub-module failed [0m (1) eap : Failed in EAP select (1) [eap] = invalid (1) } # Auth-Type eap = invalid (1) Failed to authenticate the user.
Your OpenSSL library version is not what you think it is. Stefan, we thought the same, what OpenSSL version command shows as "OpenSSL 1.0.1e-fips 11 Feb 2013" vs what FreeRadius version shows as "OpenSSL 1.0.0-fips 29 Mar 2010"
The FreeRadius RPM we deployed was based on older version of OpenSSL, so we thought by upgrading the OpenSSL it could use the newer version. Do we have to rebuild the FreeRadius RPM using the " OpenSSL 1.0.1e-fips 11 Feb 2013" version. The reason we thought upgrading the OpenSSL is good enough is; before we upgraded OpenSSL and in the EAPcipher_list if we used " AES256-SHA256", FreeRadius failed to start with the error of invalid cipher list. After we upgraded the OpenSSL, FreeRadius started successfully. With this we assumed that OpenAM is using upgraded OpenSSL.
There is no TLS 2.0. Stefan, sorry that was a typo on my part, meant TLS 1.2 - when modem sends the protocol as TLS 1.2; the authentication fails in EAP module, with above error. If the modem sends protocol as TLS 1.0, authentication is successful.
Thanks -Hanu
participants (3)
-
Alan DeKok -
Cholleti, Hanumantha -
Stefan Winter