(4) eap_tls: ERROR: TLS Alert write:fatal:unexpected_message

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Jun 21 22:03:25 CEST 2021



> On Jun 21, 2021, at 7:03 AM, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Jun 17, 2021, at 10:07 PM, Michel Verhagen <mike at guruce.com> wrote:
>> With whatever I have tried, Wireshark always complains about the .pem files, passwords, etc.
> 
>  I ran into the same thing. No matter what I do, Wireshark is unable to open the PEM files.  This is disappointing.  IIRC it used to work.
> 
>> I have tried this:
>> 
>> Wireshark -> Edit -> Preferences -> Protocols -> TLS -> RSA keys list [Edit...] -> ip any, port 0, protocol data, key file ca.pem, password <nothing>, but Wireshark pops up an error dialog stating "Can't load private key from ca.pem: can't import pem data: The requested data were not available". I don't think I can use the (Pre)-Master-Secret log filename (setting the "SSLKEYLOGFILE" environment variable) because that requires a web browser like Chrome. Anyway, any pointers on how to capture the right stuff and decode using the certs from FreeRADIUS would be appreciated.
> 
>  I pushed some changes which add some more information to debug 4 (radiusd -Xxx)
> 
> * print out a hex dump of the TLS messages, this gives more information on what's going on
> 
> * print out TLS information needed by Wireshark to decode the packets, as per: https://wiki.wireshark.org/TLS
> 
> ...
> Sun Jun 20 09:24:42 2021 : Debug: (20) eap_ttls: (TLS) KEYLOG: CLIENT_RANDOM B3C3EF6D1A8D9C0C0AB670824767991DC3E309AD47D317942C1A5CAF670A8E07 2C6B1E41C4FEEDABCF58568539E9B48DA2C79A2C1CBAE402FED4428BD59442A8DBE50553EDC5B927BEE5A0DA8AC90120
> ...
> 
>  In *theory* you should be able to grab the text after "KEYLOG:", place it into a file, and then have Wireshark load it.  However, that also doesn't work for me.  i.e. it never complains about the file, but also never decrypts any of the TLS data.

There's a function in OpenSSL for specifically dumping a keylog file.  Might want to try that and see if the format differs?

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_keylog_callback.html

Looks recent...

-Arran
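The step the thread is stuck on is turning the "KEYLOG:" lines that debug level 4 now prints into a file that Wireshark's (Pre)-Master-Secret log preference will accept. Below is an added example (editor's code, not part of FreeRADIUS, OpenSSL or this thread) that pulls those lines out of `radiusd -Xxx` output, checks each one against the NSS key log format documented at https://wiki.wireshark.org/TLS (label, 32-byte client random, secret of the right length, all hex, one entry per newline-terminated line), drops duplicates and writes the result. It assumes the debug line carries the three fields verbatim after "KEYLOG:" as in the line quoted above; the sample input is constructed, with the CLIENT_RANDOM entry taken from this thread and the TLS 1.3 and truncated entries made up to exercise the checks. The label table and secret lengths come from the key log format itself, not from anything FreeRADIUS prints.

```python
"""Collect KEYLOG entries from radiusd -Xxx output into a Wireshark key log file."""
import re
import sys
from typing import Iterable, List, Tuple

# Labels and secret lengths (bytes) of the NSS key log format that Wireshark's
# TLS dissector reads (https://wiki.wireshark.org/TLS). CLIENT_RANDOM carries
# the 48-byte TLS 1.2 master secret; the TLS 1.3 labels carry one hash output
# (SHA-256 or SHA-384, so 32 or 48 bytes).
LABELS = {
    "CLIENT_RANDOM": (48,),
    "CLIENT_EARLY_TRAFFIC_SECRET": (32, 48),
    "EARLY_EXPORTER_SECRET": (32, 48),
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": (32, 48),
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": (32, 48),
    "CLIENT_TRAFFIC_SECRET_0": (32, 48),
    "SERVER_TRAFFIC_SECRET_0": (32, 48),
    "EXPORTER_SECRET": (32, 48),
}
CLIENT_RANDOM_HEX_LEN = 64  # 32-byte ClientHello random, hex encoded
HEX_RE = re.compile(r"[0-9A-Fa-f]+")
# Assumption: the debug line carries "LABEL client_random secret" verbatim after "KEYLOG:".
KEYLOG_RE = re.compile(r"KEYLOG:\s*(.+?)\s*$")


def parse_keylog_entry(text: str) -> Tuple[str, str, str]:
    """Validate one 'LABEL client_random secret' entry; raise ValueError if malformed."""
    parts = text.split()
    if len(parts) != 3:
        raise ValueError(f"expected 3 fields, got {len(parts)}: {text!r}")
    label, client_random, secret = parts
    if label not in LABELS:
        raise ValueError(f"unknown label {label!r}")
    for name, value in (("client_random", client_random), ("secret", secret)):
        if not HEX_RE.fullmatch(value) or len(value) % 2:
            raise ValueError(f"{name} is not an even-length hex string: {value!r}")
    if len(client_random) != CLIENT_RANDOM_HEX_LEN:
        raise ValueError(f"client_random is {len(client_random) // 2} bytes, want 32")
    if len(secret) // 2 not in LABELS[label]:
        raise ValueError(f"{label} secret is {len(secret) // 2} bytes, want one of {LABELS[label]}")
    return label, client_random.upper(), secret.upper()


def extract_keylog(debug_lines: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Return (deduplicated key log entries, rejection reasons) from radiusd debug output."""
    seen = set()
    keylog: List[str] = []
    rejected: List[str] = []
    for line in debug_lines:
        m = KEYLOG_RE.search(line)
        if not m:
            continue
        try:
            label, client_random, secret = parse_keylog_entry(m.group(1))
        except ValueError as err:
            rejected.append(str(err))
            continue
        entry = f"{label} {client_random} {secret}"
        if entry not in seen:  # the same session may be logged more than once
            seen.add(entry)
            keylog.append(entry)
    return keylog, rejected


def write_keylog(path: str, entries: List[str]) -> int:
    """Write one entry per line, newline-terminated, as Wireshark expects; return the count."""
    with open(path, "w", encoding="ascii") as fh:
        for entry in entries:
            fh.write(entry + "\n")
    return len(entries)


# Constructed sample of radiusd -Xxx output. The first KEYLOG entry is the one
# quoted in this thread; the remaining lines are made up to exercise dedup and rejection.
SAMPLE_RANDOM = "B3C3EF6D1A8D9C0C0AB670824767991DC3E309AD47D317942C1A5CAF670A8E07"
SAMPLE_MASTER = ("2C6B1E41C4FEEDABCF58568539E9B48DA2C79A2C1CBAE402FED4428BD59442A8"
                 "DBE50553EDC5B927BEE5A0DA8AC90120")
SAMPLE_PREFIX = "Sun Jun 20 09:24:42 2021 : Debug: (20) eap_ttls: (TLS) "
SAMPLE_DEBUG = [
    SAMPLE_PREFIX + "constructed filler line with no key material",
    SAMPLE_PREFIX + f"KEYLOG: CLIENT_RANDOM {SAMPLE_RANDOM} {SAMPLE_MASTER}",
    SAMPLE_PREFIX + f"KEYLOG: CLIENT_RANDOM {SAMPLE_RANDOM} {SAMPLE_MASTER}",  # repeated entry
    SAMPLE_PREFIX + f"KEYLOG: CLIENT_HANDSHAKE_TRAFFIC_SECRET {'AA' * 32} {'BB' * 32}",  # fake TLS 1.3
    SAMPLE_PREFIX + "KEYLOG: CLIENT_RANDOM DEADBEEF CAFE",  # truncated: must be rejected
]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python keylog_from_radiusd.py radiusd-debug.log
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            entries, bad = extract_keylog(fh)
    else:
        entries, bad = extract_keylog(SAMPLE_DEBUG)
    count = write_keylog("radius-keylog.txt", entries)
    print(f"wrote {count} entries to radius-keylog.txt; rejected {len(bad)}")
    for reason in bad:
        print("  rejected:", reason)
```

Point Wireshark -> Preferences -> Protocols -> TLS -> (Pre)-Master-Secret log filename at the output file; that preference reads any file in this format, the SSLKEYLOGFILE variable is only how browsers are told where to write theirs. The file contains the session secrets, so handle it like the server's private key and delete it when the capture has been analysed.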