(4) eap_tls: ERROR: TLS Alert write:fatal:unexpected_message

Alan DeKok aland at deployingradius.com
Tue Jun 15 14:16:17 CEST 2021

On Jun 14, 2021, at 10:41 PM, Michel Verhagen <mike at guruce.com> wrote:
> I finally managed to get back to this project. I have now built the FreeRadius 3.0.x branch straight from Git. The server reports:
> FreeRADIUS Version 3.0.24

  That's good.

> When I try to authenticate using TLS (using the certificate ca.pem created using ./bootstrap), the FreeRadius server outputs this:
> (9) Found Auth-Type = eap
> (9) # Executing group from file
> /usr/local/etc/raddb/sites-enabled/default
> (9)   authenticate {
> (9) eap: Expiring EAP session with state 0xde98ecf7dd9de19b
> (9) eap: Finished EAP session with state 0xde98ecf7dd9de19b
> (9) eap: Previous EAP request found for state 0xde98ecf7dd9de19b,
> released from the list
> (9) eap: Peer sent packet with method EAP TLS (13)
> (9) eap: Calling submodule eap_tls to process data
> (9) eap_tls: (TLS) EAP Done initial handshake
> (9) eap_tls: (TLS) Handshake state - Server SSLv3/TLS write server done
> (9) eap_tls: (TLS) send TLS 1.2 Alert, fatal unexpected_message
> (9) eap_tls: ERROR: (TLS) Alert write:fatal:unexpected_message

    The "unexpected_message" alert means that OpenSSL says the other end is sending something that it doesn't like.

  So... it would help to get the rest of the debug for this session.

> Do you have any pointers where to look next?

  FULL debug output.  It's just a waste of time to post anything else.

  Alan DeKok.

More information about the Freeradius-Devel mailing list