No client cert request when configured EAP-TLS-Require-Client-Cert

Yoni Levin yoni.levin at
Tue Aug 25 14:30:46 CEST 2009

Forgot to add the sniffing results earlier



I have strange behavior on my freeradius.

I try to make it ask for client certificate as part of EAP-TTLS

I added the configuration EAP-TLS-Require-Client-Cert = Yes to users
configuration file as control for my username.

And got the following LOG    

 TLS_accept: SSLv3 write server done A

[ttls]     TLS_accept: SSLv3 flush data

[ttls]     TLS_accept: Need to read more data: SSLv3 read client

However, the sniffing shows no client certificate sending and there is
no cert request sent by the server

You can see it below

Thanks for your help.

Radius Protocol

    Code: Access-challenge (11)

    Packet identifier: 0x2 (2)

    Length: 1090

    Authenticator: 30C0590D2DA3E4BBA06A60E9956D6441

    Attribute Value Pairs

        AVP: l=255  t=EAP-Message(79) Segment[1]

        AVP: l=255  t=EAP-Message(79) Segment[2]

        AVP: l=255  t=EAP-Message(79) Segment[3]

        AVP: l=255  t=EAP-Message(79) Segment[4]

        AVP: l=14  t=EAP-Message(79) Last Segment[5]

            EAP fragment

            Extensible Authentication Protocol

                Code: Request (1)

                Id: 3

                Length: 1024

                Type: EAP-TTLS [RFC5281] (21)

                Flags(0xC0): Length More 

                TTLS version 0

                Length: 3578

                [EAP-TLS Fragments (3578 bytes): #14(1014), #16(1014),
#18(1014), #20(536)]

                Secure Socket Layer

                    TLSv1 Record Layer: Handshake Protocol: Server Hello

                    TLSv1 Record Layer: Handshake Protocol: Certificate

                    TLSv1 Record Layer: Handshake Protocol: Server Key

                    TLSv1 Record Layer: Handshake Protocol: Server Hello

        AVP: l=18  t=Message-Authenticator(80):

        AVP: l=18  t=State(24): A97FDCBBAB7CC99E1A7630EF1EB500F8

            State: A97FDCBBAB7CC99E1A7630EF1EB500F8

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list