FreeRadius 3.0.17 - TLS issue
Alan DeKok
aland at deployingradius.com
Wed Nov 28 12:48:50 CET 2018
On Nov 27, 2018, at 12:37 PM, Thorsten Fritsch <thorsten.fritsch at unibas.ch> wrote:
> we're running FR 3.0.17 and currently have some trouble with Windows 10 Clients which since just recently no longer can
> connect to the PEAP/MS-CHAPv2-based eduroam network.
>
> According to the radius debug log the FR server sends an Access Accept to the NAS (Cisco WLC) but it then terminates
> with the information: ERROR: eap_peap: TLS Alert write:fatal:protocol version
Likely due to TLS 1.2.
> 53282519) Tue Nov 27 16:07:35 2018: Debug: Sent Access-Accept Id 251 from 131.152.21.100:1812 to 10.33.6.2:54247 length 0
> (53282519) Tue Nov 27 16:07:35 2018: Debug: Tunnel-Type = VLAN
Don't send "radiusd -Xx" please... all of the documentation says to just use "radiusd -X".
> It looks like a TLS mismatch but not sure. Any experiences with this? Which TLS versions are supported by FR 3.0.17?
FreeRADIUS uses OpenSSL for TLS. So check your OpenSSL library.
Odds are that you're running a version / OS which is a few years old, and doesn't support TLS 1.2. You'll have to upgrade to a recent release of OpenSSL in order to fix that.
Which likely means upgrading the entire OS, as OpenSSL is used by many applications.
Alan DeKok.
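
The OpenSSL check suggested above, as an added example that is not part of the original post: a shell sketch that decides from an `openssl version` string whether the build is new enough for TLS 1.2 (support first appeared in OpenSSL 1.0.1) and lists the TLS libraries the server binary is linked against. The function names are hypothetical, the sample version strings in the comments are constructed, and the binary name `radiusd` is an assumption (some distributions install it as `freeradius`).

```shell
#!/bin/sh
# Added example, not from the original thread.

# openssl_supports_tls12 "<output of 'openssl version'>"
# Returns 0 if the version is >= 1.0.1 (first release with TLS 1.1/1.2),
# 1 if it is older, 2 if the string is not an OpenSSL version line
# (for example LibreSSL, whose numbering is unrelated).
openssl_supports_tls12() {
    # Second field is the version, e.g. "1.0.2k-fips" or "0.9.8e-fips-rhel5"
    tls_ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    case $tls_ver in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    # Split on non-digits so letter suffixes ("k", "-fips") are ignored,
    # then fold major.minor.patch into one comparable number.
    tls_code=$(printf '%s\n' "$tls_ver" |
        awk -F'[^0-9]+' '{ print $1 * 10000 + $2 * 100 + $3 }')
    [ "$tls_code" -ge 10001 ]
}

# radiusd_tls_libs [binary-name]
# Prints the libssl/libcrypto files the server is dynamically linked to.
# The command-line openssl tool can differ from the library the daemon
# loads, so check both.
radiusd_tls_libs() {
    tls_bin=$(command -v "${1:-radiusd}") || return 1
    ldd "$tls_bin" | grep -E 'libssl|libcrypto'
}

# Report on this host when the tools are present.
if command -v openssl >/dev/null 2>&1; then
    tls_line=$(openssl version)
    if openssl_supports_tls12 "$tls_line"; then
        echo "TLS 1.2 capable: $tls_line"
    else
        echo "No TLS 1.2 support detected: $tls_line"
    fi
fi
radiusd_tls_libs radiusd 2>/dev/null || echo "radiusd not found in PATH"
```
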