Failed in SSLv3 read client certificate A

Arran Cudbard-Bell a.cudbardb at
Sun Jun 19 01:50:27 CEST 2016

> On 18 Jun 2016, at 14:00, Michael Martinez <mwtzzz at> wrote:
> On Fri, Jun 17, 2016 at 1:26 PM, Alan DeKok <aland at> wrote:
>>> On Jun 17, 2016, at 4:23 PM, Michael Martinez <mwtzzz at> wrote:
>>> We really need to get this working. We're stumped on it. Anybody have
>>> any thoughts?
>>  Set disable_tlsv1_2 in the EAP module.
> Maybe slightly off-topic, but how do I find which ssl library my
> freeradius server is compiled with? I do:
> root at 2-rpi:/usr/local/freeradius/etc/raddb# ldd
> /usr/local/freeradius/sbin/radiusd
>        /usr/lib/arm-linux-gnueabihf/ (0xb6f7e000)
> =>
> /usr/local/freeradius/lib/ (0xb6f4e000)
>           .....<snip>
> But nothing about ssl libraries shows up there.
> I do: strings /usr/local/freeradius/sbin/radiusd | grep -iE "openssl.*1"
> and I see a lot of references to openssl 1.0.2.f:
> Diffie-Hellman part of OpenSSL 1.0.2f  28 Jan 2016
> so, pretty clear it's compiled against 1.0.2.f. But out of curiosity
> is there a way to definitely find out?

/usr/local/freeradius/sbin/radiusd -v

Is more accurate than using ldd.  It calls a version function in OpenSSL
to get the version, it doesn't use compile time macros.

> And, it seems "disable_tlsv1_2" was added as a way to get around some
> problems with older versions of openssl. But will it actually help in
> my case?

Probably not.  But just in case the apple supplicant is broken its worth trying.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list