Reject for unknown TLS version

Norman Elton normelton at gmail.com
Tue Aug 14 22:10:56 CEST 2018


>> To be fair, we have FreeRADIUS deployed on RHEL6, using the
>> RedHat-supplied packages. So far, we've been happy with the stability
>> this provides, but realize that FreeRADIUS 2.2.6 is way outdated.

>  Yup.  You should upgrade to 2.2.10 at least.  It also has fixes for TLS 1.2. :)

For anyone having this problem ... upgrading to FreeRADIUS 3.0.17, and
to openssl 1.0.2p appears to have solved the problem.

Moving to FR3 is long overdue. It will require some reconfigurations
on my part, which will surely prompt more questions. Thanks for the
advice so far.

Norman
On Tue, Aug 14, 2018 at 10:39 AM Alan DeKok <aland at deployingradius.com> wrote:
>
> On Aug 14, 2018, at 10:34 AM, Norman Elton <normelton at gmail.com> wrote:
> >
> > Deploying EAP-TLS, I've got the CA and certificate configured on the
> > server, and the client-side certificate on the client. But I'm getting
> > a "Unknown TLS version [length 0002]" message. Debug output below.
>
>   You're running v2.  I would suggest upgrading.
>
> > Is the "[length 0002]" referring to only have two bytes to parse? Is
> > some of the transaction getting lost someplace?
>
>   I'm not sure.  It's a TLS issue.
>
> > To be fair, we have FreeRADIUS deployed on RHEL6, using the
> > RedHat-supplied packages. So far, we've been happy with the stability
> > this provides, but realize that FreeRADIUS 2.2.6 is way outdated.
>
>   Yup.  You should upgrade to 2.2.10 at least.  It also has fixes for TLS 1.2. :)
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list