Error with TLS 1.3 - Problem with wpa_supplicant or freeradius?
Jan-Frederik Rieckers
rieckers+freeradius-devel at uni-bremen.de
Mon Sep 16 11:49:28 CEST 2019
Hello,
I'm currently testing FreeRADIUS v4 with eduroam and have encountered an
issue with TLS 1.3:
FreeRADIUS errors with the following error message:
> (9) eap.ttls - Continuing EAP-TLS
> (9) eap.ttls - Got complete TLS record (146 bytes)
> (9) eap.ttls - [eap-tls verify] = complete
> (9) eap.ttls - <<< recv TLS 1.3, inner_content_type[length 1]
> (9) eap.ttls - Decrypted TLS application data (124 bytes)
> (9) eap.ttls - [eap-tls process] = complete
> (9) eap.ttls - Session established. Decoding Diameter attributes
> (9) eap.ttls - ERROR: Decoding TTLS TLVs failed: Tunneled challenge is incorrect
> (9) eap.ttls (reject)
> (9) eap - Resuming execution
> (9) eap - Sending EAP Failure (code 4) ID 10 length 4
> (9) eap - Cleaning up EAP session
> (9) eap (reject)
The error shows up in the second EAP packet from the client after the
Server Hello Done by the server (according to a Wireshark capture).
Server:
current master (c406ab8) on debian buster with libssl-dev 1.1.1c-1
Client:
Ubuntu 18.04.3 wpa_supplicant v2.6 OpenSSL 1.1.1
I have looked at some issues on GitHub which pointed out it's a problem
on the wpa_supplicant side.
Since I currently don't have any other TLS 1.3 capable RADIUS server to
test with, I just wanted to ask: Is this a problem in FreeRADIUS or in
wpa_supplicant?
Kind regards
Jan-Frederik Rieckers