FreeRadius 3.0.17 - TLS issue
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Nov 29 02:26:17 CET 2018
> On Nov 28, 2018, at 6:48 AM, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Nov 27, 2018, at 12:37 PM, Thorsten Fritsch <thorsten.fritsch at unibas.ch> wrote:
>> we're running FR 3.0.17 and currently have some trouble with Windows 10 Clients which since just recently no longer can
>> connect to the PEAP/MS-CHAPv2-based eduroam network.
>>
>> According to the radius debug log the FR server sends an Access Accept to the NAS (Cisco WLC) but it then terminates
>> with the information: ERROR: eap_peap: TLS Alert write:fatal:protocol version
>
> Likely due to TLS 1.2.
>
>> 53282519) Tue Nov 27 16:07:35 2018: Debug: Sent Access-Accept Id 251 from 131.152.21.100:1812 to 10.33.6.2:54247 length 0
>> (53282519) Tue Nov 27 16:07:35 2018: Debug: Tunnel-Type = VLAN
>
> Don't send "radiusd -Xx" please... all of the documentation says to just use "radiusd -X".
>
>> It looks like a TLS mismatch but not sure. Any experiences with this? Which TLS versions are supported by FR 3.0.17?
>
> FreeRADIUS uses OpenSSL for TLS. So check your OpenSSL library.
>
> Odds are that you're running a version / OS which is a few years old, and doesn't support TLS 1.2. You'll have to upgrade to a recent release of OpenSSL in order to fix that.
radiusd -Xv should show you the version of OpenSSL the server is linked against.
-Arran