Freeradius 3.0.12 EAP TLS Problem
stefan.winter at restena.lu
Mon Jul 10 07:25:43 CEST 2017
> (1) eap_ttls: <<< recv TLS 1.2 [length 002d]
> (1) eap_ttls: >>> send TLS 1.0 Alert [length 0002], fatal handshake_failure
> (1) eap_ttls: ERROR: TLS Alert write:fatal:handshake failure
> tls: TLS_accept: Error in error
> (1) eap_ttls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417A0C1:SSL
> routines:tls_post_process_client_hello:no shared cipher
"No shared cipher" is pretty definitive: server and client have no
encrpytion cipher in common, so they can't continue the conversation.
It looks like the client tries - and insists - on TLS 1.2 (with its
recent ciphers) while the server only offers 1.0 (with its... still
somewhat contemporary ciphers).
If my reading above is correct, you'd have to upgrade the server to a
version that support TLS 1.2 (or just turn it on if you do have a
capable version but turned it off deliberately).
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Freeradius-Users