EAP-TLS testing, occasional errors

Bertalan Voros bertalan.voros at gmail.com
Thu Mar 7 17:01:07 CET 2013


Hello All,

I have configured a server to test EAP-TLS.

Created the CA, a server and one client certificate.
The same client certificate was then installed on three different devices;
OSX, Windows 7 and an Android 4.2.

All is well, all the devices can authenticate successfully, however, every
now and again I can see similar entries in the log like the one below.

A failure.
Thu Mar  7 14:30:57 2013 : Error: TLS Alert write:fatal:handshake failure
Thu Mar  7 14:30:57 2013 : Error:     TLS_accept: error in SSLv3 read client certificate B
Thu Mar  7 14:30:57 2013 : Error: rlm_eap: SSL error error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Thu Mar  7 14:30:57 2013 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.
Thu Mar  7 14:30:57 2013 : Auth: Login incorrect (TLS Alert write:fatal:handshake failure): [wifiuser] (from client CiscoAP port 289 cli 10-68-3F-48-41-46)

Then a success soon after from the same device (this is the Android one)
Thu Mar  7 14:32:10 2013 : Auth: Login OK: [wifiuser] (from client CiscoAP port 291 cli 10-68-3F-48-41-46)

Very occasionally the Android device would give up and not attempt to
reauthenticate.

The AP is set to reauthenticate clients every 10 minutes. (a rickety old
Cisco Aironet 1200).

Has anyone seen this before?

Thanks in advance,
Bertalan
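
Added example, not part of the original post: a Python sketch that reads radius.log "Auth:" lines in the format shown above and separates failures followed by a successful login from the same station (cli) from failures that never recover, the case the post describes for the Android device. The 10-minute window mirrors the AP reauthentication interval from the post; the function name, the regex and the third sample line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Matches radius.log "Auth:" lines in the format shown in the post.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : Auth: "
    r"Login (?P<result>OK|incorrect)(?: \(.*?\))?: \[[^\]]*\] "
    r"\(from client \S+ port \d+ cli (?P<cli>[0-9A-Fa-f-]+)\)"
)

# First two lines are from the post (wrapped lines re-joined).
# The third is constructed: a station that fails and never comes back.
SAMPLE_LOG = [
    "Thu Mar  7 14:30:57 2013 : Auth: Login incorrect (TLS Alert "
    "write:fatal:handshake failure): [wifiuser] (from client CiscoAP "
    "port 289 cli 10-68-3F-48-41-46)",
    "Thu Mar  7 14:32:10 2013 : Auth: Login OK: [wifiuser] (from client "
    "CiscoAP port 291 cli 10-68-3F-48-41-46)",
    "Thu Mar  7 15:02:41 2013 : Auth: Login incorrect (TLS Alert "
    "write:fatal:handshake failure): [wifiuser] (from client CiscoAP "
    "port 297 cli 00-00-5E-00-53-01)",
]

def classify_failures(lines, window=timedelta(minutes=10)):
    """Return (transient, unresolved) lists of (cli, failure_time)."""
    events = []
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue  # "Error:" detail lines carry no cli, skip them
        stamp = " ".join(m["ts"].split())  # collapse the padded day field
        ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        events.append((ts, m["cli"].upper(), m["result"] == "OK"))
    events.sort()
    transient, unresolved = [], []
    for i, (ts, cli, ok) in enumerate(events):
        if ok:
            continue
        # A failure is transient if the same cli logs in OK within the window.
        recovered = any(c == cli and o and ts < t <= ts + window
                        for t, c, o in events[i + 1:])
        (transient if recovered else unresolved).append((cli, ts))
    return transient, unresolved

if __name__ == "__main__":
    transient, unresolved = classify_failures(SAMPLE_LOG)
    print("recovered within window:", transient)
    print("no success afterwards:  ", unresolved)
```

Stations that keep landing in the second list are the ones worth a debug-mode capture, since they match the "gave up and did not reauthenticate" case rather than a one-off handshake failure.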