problem with PEAP/MSCHAPv2

Alan DeKok aland at deployingradius.com
Wed Mar 31 21:38:20 CEST 2010


Christian Pinedo Zamalloa wrote:
> hello,
> 
> I have found some errors in my freeradius server logs. It seems that
> some clients are having problems to authenticate againts them. I'm using
> PEAP/MSCHAPv2 with the latest freeradius version and SUSE OS.
> 
> Mon Mar 29 14:20:56 2010 : Error: TLS Alert write:fatal:protocol version
> Mon Mar 29 14:20:56 2010 : Error: rlm_eap: SSL error error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number
> Mon Mar 29 14:20:56 2010 : Error: SSL: SSL_read failed in a system call
> (-1), TLS session fails.

  The client is likely doing TLS v1.1, and the OpenSSL libraries don't
support it.

  i.e. the client is *ignoring* TLS negotiation.  They're broken.  Tell
the vendor to fix them.

  Alan DeKok.



More information about the Freeradius-Users mailing list