TLS 1.3

Vieri rentorbuy at yahoo.com
Mon Jun 29 14:29:40 CEST 2020


Hi,

What does this log snippet mean?

(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: Peer indicated complete TLS record size will be 71 bytes
(2) eap_peap: Got complete TLS record (71 bytes)
(2) eap_peap: [eaptls verify] = length included
(2) eap_peap: (other): before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: <<< recv TLS 1.3  [length 0042]
(2) eap_peap: >>> send TLS 1.0 Alert [length 0002], fatal handshake_failure
(2) eap_peap: ERROR: TLS Alert write:fatal:handshake failure
tls: TLS_accept: Error in error
(2) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
(2) eap_peap: ERROR: System call (I/O) error (-1)
(2) eap_peap: ERROR: TLS receive handshake failed during operation
(2) eap_peap: ERROR: [eaptls process] = fail
(2) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
(2) eap: Sending EAP Failure (code 4) ID 101 length 4
(2) eap: Failed in EAP select

Does it mean that the wifi client asked for TLS 1.3, but we replied with TLS 1.0?

I have this in freeradius:

tls_min_version = "1.0"
tls_max_version = "1.2"

and I'm using openssl-1.1.1g.

Regards,

Vieri



More information about the Freeradius-Users mailing list