Freeradius 3.0.12 EAP TLS Problem
Stefan Winter
stefan.winter at restena.lu
Mon Jul 10 07:25:43 CEST 2017
Hi,
> (1) eap_ttls: <<< recv TLS 1.2 [length 002d]
> (1) eap_ttls: >>> send TLS 1.0 Alert [length 0002], fatal handshake_failure
> (1) eap_ttls: ERROR: TLS Alert write:fatal:handshake failure
> tls: TLS_accept: Error in error
> (1) eap_ttls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417A0C1:SSL
> routines:tls_post_process_client_hello:no shared cipher
"No shared cipher" is pretty definitive: server and client have no
encryption cipher in common, so they can't continue the conversation.
It looks like the client tries - and insists - on TLS 1.2 (with its
recent ciphers) while the server only offers 1.0 (with its... still
somewhat contemporary ciphers).
If my reading above is correct, you'd have to upgrade the server to a
version that supports TLS 1.2 (or just turn it on if you do have a
capable version but turned it off deliberately).
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
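
Added example, not part of the original message and not FreeRADIUS or OpenSSL code: a small Python triage helper that pulls the TLS record versions, the alert and the OpenSSL error out of debug output like the lines quoted above. The function names are hypothetical, the sample log is constructed from the quoted lines, and the error-code split assumes the OpenSSL 1.x packed layout.

```python
import re

# Constructed sample: the debug lines quoted in the message, including the
# "> " quote prefix and the line wrap the mail client introduced.
SAMPLE_LOG = """\
> (1) eap_ttls: <<< recv TLS 1.2 [length 002d]
> (1) eap_ttls: >>> send TLS 1.0 Alert [length 0002], fatal handshake_failure
> (1) eap_ttls: ERROR: TLS Alert write:fatal:handshake failure
> tls: TLS_accept: Error in error
> (1) eap_ttls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417A0C1:SSL
> routines:tls_post_process_client_hello:no shared cipher
"""

WRAP_RE = re.compile(r":SSL\s*\n[>\s]*routines:")
RECORD_RE = re.compile(r"(recv|send) TLS (\d\.\d)")
ALERT_RE = re.compile(r"send TLS \d\.\d Alert [^,]*, (\w+) (\w+)")
ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:\n]+):([^:\n]+):([^\n]+)")


def unpack_error_code(hex_code):
    # Assumed OpenSSL 1.x layout: 8-bit library, 12-bit function, 12-bit
    # reason. OpenSSL 3.x packs the value differently.
    code = int(hex_code, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(log_text):
    """Summarise the TLS record versions, alert and OpenSSL error in a log."""
    text = WRAP_RE.sub(":SSL routines:", log_text)  # undo the mail line wrap
    versions = {"recv": set(), "send": set()}
    for direction, version in RECORD_RE.findall(text):
        versions[direction].add(version)
    alert = ALERT_RE.search(text)
    error = ERROR_RE.search(text)
    summary = {
        "recv_versions": sorted(versions["recv"]),
        "send_versions": sorted(versions["send"]),
        "alert": alert.groups() if alert else None,
        "error": None,
    }
    if error:
        hex_code, _library, function, reason = error.groups()
        summary["error"] = {
            "code": unpack_error_code(hex_code),  # library 20 is ERR_LIB_SSL
            "function": function,
            "reason": reason.strip(),
        }
    return summary
```

Calling `triage(SAMPLE_LOG)` returns the received and sent record versions side by side with the decoded error, which is the comparison the reply above makes by eye.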