eap-tls fails: "need to read more data"
Bull, Mary
mbull at wm.edu
Tue Jan 26 17:29:16 CET 2021
We recently updated our RADIUS servers to FreeRADIUS Version 3.0.20, and many clients with correct information are now repeatedly failing to authenticate.
The client is an MBP on Mojave (10.14) with a fresh certificate enrollment on 1-23-2021, after our server upgrade.
This client’s certificate was eventually accepted after being rejected repeatedly for about 24 hours.
Does this “need more data” error provide any insight on this mess?
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: Peer indicated complete TLS record size will be 7 bytes
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: Got complete TLS record (7 bytes)
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: [eaptls verify] = length included
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: <<< recv TLS 1.2 [length 0002]
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: TLS_accept: Need to read more data: error
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:140943E8:SSL routines:ssl3_read_bytes:reason(1000)
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: TLS - In Handshake Phase
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: TLS - Application data.
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: ERROR: TLS failed during operation
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: ERROR: [eaptls process] = fail
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap-aerohive-eduroam: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module failed
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap-aerohive-eduroam: Sending EAP Failure (code 4) ID 136 length 4
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap-aerohive-eduroam: Failed in EAP select
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) [eap-aerohive-eduroam] = invalid
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) } # Auth-Type eap-aerohive-eduroam = invalid
Mary Bull
Network Tech
757-221-2491
mbull at wm.edu
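
An added example, not part of the original post: a small Python triage script that decodes the packed OpenSSL error code seen in the log above. It assumes the OpenSSL 1.0/1.1 error layout (8-bit library, 12-bit function, 12-bit reason) and OpenSSL's convention that a received TLS alert is reported as reason 1000 plus the alert number; the function names and the alert table subset are this example's own.

```python
import re

# Sample input: two lines taken from the log in the post above.
SAMPLE_LOG = """\
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: <<< recv TLS 1.2 [length 0002]
Jan 25 22:45:32 is-auth-02 freeradius[166005]: (6972) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:140943E8:SSL routines:ssl3_read_bytes:reason(1000)
"""

ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reason = offset + alert number received from peer

# TLS alert descriptions (RFC 5246, section 7.2); subset useful for EAP-TLS triage.
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 49: "access_denied", 70: "protocol_version",
    80: "internal_error",
}

# Request number in parentheses, module name, then the packed 8-hex-digit code.
ERR_RE = re.compile(r"\((\d+)\)\s+\S+: ERROR: .*?error:([0-9A-Fa-f]{8}):")

def decode_openssl_error(code_hex):
    """Split a packed OpenSSL 1.0/1.1 error code into lib, func and reason."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        alert = TLS_ALERTS.get(number, f"alert({number})")
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}

def triage(log_text):
    """Return one decoded finding per FreeRADIUS ERROR line carrying an OpenSSL code."""
    findings = []
    for line in log_text.splitlines():
        match = ERR_RE.search(line)
        if match:
            finding = decode_openssl_error(match.group(2))
            finding["request"] = int(match.group(1))
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

For the code in this log the script reports alert 0 (close_notify) received from the peer, which is consistent with the 7-byte record being a 5-byte TLS record header plus a 2-byte alert body.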