FreeRadius 3.0.17 - TLS issue

Thorsten Fritsch thorsten.fritsch at unibas.ch
Tue Nov 27 18:37:40 CET 2018 

Dear All,

we're running FR 3.0.17 and currently have some trouble with Windows 10 Clients which since just recently no longer can
connect to the PEAP/MS-CHAPv2-based eduroam network.

According to the radius debug log the FR server sends an Access Accept to the NAS (Cisco WLC) but it then terminates
with the information: ERROR: eap_peap: TLS Alert write:fatal:protocol version

53282519) Tue Nov 27 16:07:35 2018: Debug: Sent Access-Accept Id 251 from 131.152.21.100:1812 to 10.33.6.2:54247 length 0
(53282519) Tue Nov 27 16:07:35 2018: Debug:   Tunnel-Type = VLAN
(53282519) Tue Nov 27 16:07:35 2018: Debug:   Tunnel-Medium-Type = IEEE-802
(53282519) Tue Nov 27 16:07:35 2018: Debug:   Tunnel-Private-Group-Id = "822"
(53282519) Tue Nov 27 16:07:35 2018: Debug:   User-Name := "marcel.sumsander at unibas.ch"
(53282519) Tue Nov 27 16:07:35 2018: Debug:   Chargeable-User-Identity := 0x36353637356537306236383335323162656233383262323062616538613935393935303934323763
(53282519) Tue Nov 27 16:07:35 2018: Debug:   MS-MPPE-Recv-Key = 0xde555d4feda0c69ee0c251195d63e1d0f81618a8781522cbe398610d7df41745
(53282519) Tue Nov 27 16:07:35 2018: Debug:   MS-MPPE-Send-Key = 0xb3a46cb36458a0dda59935105ffc8bfd38e4141952800b3bb9f989192ada38b0
(53282519) Tue Nov 27 16:07:35 2018: Debug:   EAP-Message = 0x030c0004
(53282519) Tue Nov 27 16:07:35 2018: Debug:   Message-Authenticator = 0x00000000000000000000000000000000
(53282519) Tue Nov 27 16:07:35 2018: Debug: Finished request
(53282373) Tue Nov 27 16:07:38 2018: Debug: Cleaning up request packet ID 241 with timestamp +2433639
(53282375) Tue Nov 27 16:07:38 2018: Debug: Cleaning up request packet ID 242 with timestamp +2433639
(53282376) Tue Nov 27 16:07:38 2018: Debug: Cleaning up request packet ID 243 with timestamp +2433639
(53282378) Tue Nov 27 16:07:38 2018: Debug: Cleaning up request packet ID 244 with timestamp +2433639
(53282379) Tue Nov 27 16:07:38 2018: Debug: Cleaning up request packet ID 245 with timestamp +2433639
(53282380) Tue Nov 27 16:07:38 2018: Debug: Cleaning up request packet ID 246 with timestamp +2433639
(53282493) Tue Nov 27 16:07:39 2018: Debug: Cleaning up request packet ID 247 with timestamp +2433640
(53282497) Tue Nov 27 16:07:39 2018: Debug: Cleaning up request packet ID 248 with timestamp +2433640
(53282502) Tue Nov 27 16:07:39 2018: Debug: Cleaning up request packet ID 249 with timestamp +2433640
(53282509) Tue Nov 27 16:07:40 2018: Debug: Cleaning up request packet ID 250 with timestamp +2433640
(53282519) Tue Nov 27 16:07:40 2018: Debug: Cleaning up request packet ID 251 with timestamp +2433641
(53283340) Tue Nov 27 16:07:46 2018: ERROR: eap_peap: TLS Alert write:fatal:protocol version

It looks like a TLS mismtach but not sure. Any experiences with this ? Which TLS versions are supported by FR 3.0.17 ?

Thanks and BR,
Thorsten

More information about the Freeradius-Users mailing list