problem with PEAP/MSCHAPv2
Alan DeKok
aland at deployingradius.com
Wed Mar 31 21:38:20 CEST 2010
Christian Pinedo Zamalloa wrote:
> hello,
>
> I have found some errors in my freeradius server logs. It seems that
> some clients are having problems to authenticate againts them. I'm using
> PEAP/MSCHAPv2 with the latest freeradius version and SUSE OS.
>
> Mon Mar 29 14:20:56 2010 : Error: TLS Alert write:fatal:protocol version
> Mon Mar 29 14:20:56 2010 : Error: rlm_eap: SSL error error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number
> Mon Mar 29 14:20:56 2010 : Error: SSL: SSL_read failed in a system call
> (-1), TLS session fails.
The client is likely doing TLS v1.1, and the OpenSSL libraries don't
support it.
i.e. the client is *ignoring* TLS negotiation. They're broken. Tell
the vendor to fix them.
Alan DeKok.
More information about the Freeradius-Users
mailing list