FreeRadius 3.0.17 - TLS issue

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Nov 29 02:26:17 CET 2018



> On Nov 28, 2018, at 6:48 AM, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Nov 27, 2018, at 12:37 PM, Thorsten Fritsch <thorsten.fritsch at unibas.ch> wrote:
>> we're running FR 3.0.17 and currently have some trouble with Windows 10 Clients which since just recently no longer can
>> connect to the PEAP/MS-CHAPv2-based eduroam network.
>> 
>> According to the radius debug log the FR server sends an Access Accept to the NAS (Cisco WLC) but it then terminates
>> with the information: ERROR: eap_peap: TLS Alert write:fatal:protocol version
> 
>  Likely due to TLS 1.2.
> 
>> 53282519) Tue Nov 27 16:07:35 2018: Debug: Sent Access-Accept Id 251 from 131.152.21.100:1812 to 10.33.6.2:54247 length 0
>> (53282519) Tue Nov 27 16:07:35 2018: Debug:   Tunnel-Type = VLAN
> 
>  Don't send "radiusd -Xx" please... all of the documentation says to just use "radiusd -X".
> 
>> It looks like a TLS mismatch but not sure. Any experiences with this? Which TLS versions are supported by FR 3.0.17?
> 
>  FreeRADIUS uses OpenSSL for TLS.  So check your OpenSSL library.
> 
>  Odds are that you're running a version / OS which is a few years old, and doesn't support TLS 1.2.  You'll have to upgrade to a recent release of OpenSSL in order to fix that.

radiusd -Xv should show you the version of OpenSSL the server is linked against.

-Arran
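
The check suggested in this thread, as an added example that is not part of the original messages: a POSIX shell function that takes an OpenSSL version string (for instance the one `radiusd -Xv` reports, or the output of `openssl version`) and says whether that release can speak TLS 1.2, which first appeared in OpenSSL 1.0.1. The function name `tls12_capable` and the sample version strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): is this OpenSSL new enough for TLS 1.2?
# TLS 1.2 support first shipped in OpenSSL 1.0.1; 0.9.x and 1.0.0 lack it.

# tls12_capable VERSION_STRING
#   Accepts a full banner ("OpenSSL 1.0.1e-fips 11 Feb 2013") or a bare
#   version ("1.0.2k"). Letter and "-fips" suffixes are ignored.
#   Returns 0 if >= 1.0.1, 1 if older, 2 if no version could be parsed.
tls12_capable() {
    # Extract the first dotted numeric version (x.y or x.y.z) in the string.
    ver=$(printf '%s\n' "$1" | sed -n \
        's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    [ -n "$ver" ] || return 2

    # Split on dots into major / minor / patch (patch defaults to 0).
    old_ifs=$IFS
    IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1
    minor=$2
    patch=${3:-0}

    if [ "$major" -gt 1 ]; then return 0; fi   # 3.x and later
    if [ "$major" -lt 1 ]; then return 1; fi   # 0.9.x
    if [ "$minor" -gt 0 ]; then return 0; fi   # 1.1.x
    [ "$patch" -ge 1 ]                         # 1.0.1+ yes, 1.0.0 no
}

# Stand-alone use: pass the version string as the only argument, e.g.
#   ./check.sh "$(openssl version)"
# The openssl binary on PATH is not necessarily the library radiusd is
# linked against, so prefer the version string radiusd itself reports.
if [ $# -gt 0 ]; then
    rc=0
    tls12_capable "$1" || rc=$?
    case $rc in
        0) echo "TLS 1.2 capable: $1" ;;
        1) echo "too old for TLS 1.2: $1" ;;
        *) echo "could not parse a version from: $1" ;;
    esac
fi
```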

