(4) eap_tls: ERROR: TLS Alert write:fatal:unexpected_message
Michel Verhagen
mike at guruce.com
Fri Jun 18 04:07:13 CEST 2021
> My suggestion is to use the test certs (so you don't care about secrecy), and then use Wireshark. You can pass it the certs and passwords, then it will decode all of the TLS data for you. That will tell you exactly what's going on behind the scenes.
I am using the test certs as generated by ./bootstrap. I am having
trouble finding the right instructions for setting up Wireshark to
decode EAPOL-TLS (over LAN, not WIFI). If you could provide some
guidance, that would be much appreciated.
With whatever I have tried, Wireshark always complains about the .pem
files, passwords, etc. I have tried this:
Wireshark -> Edit -> Preferences -> Protocols -> TLS -> RSA keys list
[Edit...] -> ip any, port 0, protocol data, key file ca.pem, password
<nothing>, but Wireshark pops up an error dialog stating "Can't load
private key from ca.pem: can't import pem data: The requested data were
not available". I don't think I can use the (Pre)-Master-Secret log
filename (setting the "SSLKEYLOGFILE" environment variable) because that
requires a web browser like Chrome. Anyway, any pointers on how to
capture the right stuff and decode using the certs from FreeRADIUS would
be appreciated.
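
An RSA keys list entry needs a file that holds a private key, and the error quoted in the message is consistent with a PEM file that has no private key block. The following check is an added example, not part of the original message or of FreeRADIUS: it lists the PEM blocks in a file and reports whether a key is present and whether it needs a password. The sample blocks are constructed placeholders, and what the poster's ca.pem actually contains is an assumption.

```python
import re

# One PEM block: BEGIN line, optional header lines, base64 body, matching END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def classify_pem(text):
    """Return [(label, kind), ...] for every PEM block found in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":
            kind = "encrypted key"      # PKCS#8, always password protected
        elif label.endswith("PRIVATE KEY"):
            # Traditional OpenSSL keys flag encryption in a header line.
            kind = "encrypted key" if "Proc-Type: 4,ENCRYPTED" in body else "plain key"
        elif label.endswith("CERTIFICATE"):
            kind = "certificate"
        else:
            kind = "other"
        blocks.append((label, kind))
    return blocks

def key_file_verdict(text):
    """Say whether a PEM file can serve as a private key file at all."""
    kinds = [kind for _, kind in classify_pem(text)]
    if "plain key" in kinds:
        return "private key present, no password needed"
    if "encrypted key" in kinds:
        return "private key present, password required"
    return "no private key in this file"

# Constructed placeholder bodies (base64 of the word CONSTRUCTED), not real key material.
BODY = "Q09OU1RSVUNURUQ=\n"
CERT_ONLY = "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"
CERT_PLUS_KEY = (CERT_ONLY + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + BODY
                 + "-----END ENCRYPTED PRIVATE KEY-----\n")
LEGACY_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-256-CBC,00\n\n" + BODY + "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, pem in [("cert only", CERT_ONLY), ("cert + key", CERT_PLUS_KEY),
                      ("legacy key", LEGACY_KEY)]:
        print(name, "->", key_file_verdict(pem), classify_pem(pem))
```

To check a real file, pass its contents to `key_file_verdict`, for example `key_file_verdict(open(path).read())`.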
More information about the Freeradius-Devel
mailing list