Server stopped responding, throwing multiple SSL-related errors
Ben Beuchler
insyte at gmail.com
Mon Oct 23 20:05:56 CEST 2006
I'm running FreeRADIUS 1.1.2 on Ubuntu. This morning one of the two
servers stopped answering requests. The radius log contained
thousands of lines like these:
Mon Oct 23 12:32:56 2006 : Error: TLS Alert write:fatal:illegal parameter
Mon Oct 23 12:32:56 2006 : Error: TLS_accept:error in SSLv3 read
certificate verify A
Mon Oct 23 12:32:56 2006 : Error: rlm_eap: SSL error
error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size
Mon Oct 23 12:32:56 2006 : Error: rlm_eap_tls: SSL_read failed in a
system call (-1), TLS session fails.
Mon Oct 23 12:33:02 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)
Mon Oct 23 12:33:02 2006 : Error: TLS Alert write:fatal:bad record mac
Mon Oct 23 12:33:02 2006 : Error: TLS_accept:error in SSLv3 read
certificate verify A
Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error
error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad
record mac
Mon Oct 23 12:33:02 2006 : Error: rlm_eap_tls: SSL_read failed in a
system call (-1), TLS session fails.
Mon Oct 23 12:33:02 2006 : Error: TLS Alert write:fatal:illegal parameter
Mon Oct 23 12:33:02 2006 : Error: TLS_accept:error in SSLv3 read
certificate verify A
Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error
error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size
Mon Oct 23 12:33:02 2006 : Error: rlm_eap_tls: SSL_read failed in a
system call (-1), TLS session fails.
Mon Oct 23 12:33:16 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Restarting radiusd fixed it.
My build of FreeRADIUS was built from source, the SSL library is the
Ubuntu system openssl (v. 0.9.7).
Any idea what might have gone wrong?
-Ben
More information about the Freeradius-Users
mailing list