[ttls] <<< Unknown TLS version [length 0002]

Alan DeKok aland at deployingradius.com
Wed May 20 16:48:08 CEST 2015


On May 20, 2015, at 10:45 AM, gabriel_skupien <gabriel_skupien at o2.pl> wrote:
> What about this part of the error:
> "TLS Alert read:fatal:access denied
>    TLS_accept: failed in SSLv3 read client certificate A
> rlm_eap: SSL error error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> access denied
> SSL: SSL_read failed inside of TLS (-1), TLS session fails.
> TLS receive handshake failed during operation"
> ?
> 
> This is not cosmetic for sure :)

  No.

  But you're not saying what client you're using.  That would help.

  FreeRADIUS works with ALL known EAP clients.  It *is* the standard in the RADIUS space.  OpenSSL is similarly the standard in the TLS space.

  If something doesn't work with FreeRADIUS and OpenSSL, my guess is:

a) the client is broken

b) FreeRADIUS and/or OpenSSL weren't built with the required features
    e.g. an old OpenSSL library won't do TLS 1.2, because the code was written before the standard was finalized.

  Alan DeKok.




More information about the Freeradius-Users mailing list