Windows 8.1 Wi-Fi client handshake failure
Alan DeKok
aland at deployingradius.com
Mon Oct 6 22:30:11 CEST 2014
Martin Rowe wrote:
> The specific issue as far as I can troubleshoot is that the client and
> server can't agree on a shared TLS cipher. I'm seeing these lines in
> my logs every time I attempt a connection:
You'll probably need to update the "cipher_list" in the "eap" module
configuration. Windows is picky...
> But that is as far as I can get. I've tried disabling every option I
> can in the configs and many variations on the Windows side, but they
> all stop at the same point. There is no limit I have set on which TLS
> ciphers can be used (cipher_list in eap{tls{}} is not used, and gave
> the same error when set to DEFAULT).
The DEFAULT list of ciphers is old. Your OpenSSL libraries may not
include the new ciphers that Windows expects.
Try setting it to "ALL". If that doesn't work, it's more difficult to
say what's wrong. Windows is "helpful" and doesn't produce reasonable
error messages about what it expects.
> My only other guess is there is something wrong with the certificates,
> but I'm not sure what might be wrong. I have copied both my root and
> my radius intermediate CA certificates onto the Windows client along
> with the client certificate and key. They are installed and the chain
> is valid according to the Windows Credential Manager.
Then that should work.
Does PEAP work?
Alan DeKok.
More information about the Freeradius-Users
mailing list