TLS Alert read:fatal:internal error

Piotr Rudzki ryba.lodz at gmail.com
Sun May 30 13:21:39 CEST 2021


I've managed to resolve the problem. To verify the certificate, the client
device needs the domain listed in the server's certificate CN or SAN, but I've
got only the server's FQDN in CN and IP in SAN. When I pass the FQDN as the
domain it works as expected.

On Thu, 27 May 2021 at 21:18, Alan DeKok <aland at deployingradius.com> wrote:

> On May 27, 2021, at 1:06 PM, Piotr Rudzki <ryba.lodz at gmail.com> wrote:
> >
> > I've a strange problem with freeradius. It was working as expected and
> > suddenly stopped authenticating wpa2-eap users to active directory.
> >
> > I've recreated the whole VM with the freeradius server without success.
> >
> > Same credentials work for ikev2 mschapv2 authentication but not for
> > wireless wpa2-eap (android and windows clients). Am I missing something?
> > ...
> > (9) eap_peap: <<< recv TLS 1.2  [length 0002]
> > (9) eap_peap: ERROR: TLS Alert read:fatal:internal error
> > (9) eap_peap: TLS_accept: Need to read more data: error
> > (9) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
>
>   Try 3.0.22.  It has much better error messages for TLS.
>
>   But the errors are in the TLS layer.  i.e. OpenSSL.  It's very difficult
> for us to know what to do here.
>
>   Alan DeKok.
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
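
Added example (not part of the original thread and not FreeRADIUS code): a small model of the client-side "domain" check described in the resolution above, showing which names a certificate with an FQDN in CN and only an IP in SAN offers for matching. It assumes the client follows the rule documented for wpa_supplicant's domain_suffix_match; the certificate names and address are constructed placeholders.

```python
# Assumption: the supplicant behaves like wpa_supplicant's domain_suffix_match:
# dNSName SAN entries are checked if any exist; the subject CN is used only
# when the certificate has no dNSName SAN at all. IP SANs are never compared.

def _suffix_match(name, domain):
    """True if name equals domain or ends with '.' + domain (label-aligned)."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def names_checked(cert):
    """Return (source, names) that the configured domain is compared against.

    cert uses the dict layout returned by ssl.SSLSocket.getpeercert().
    """
    dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns:
        return "SAN dNSName", dns
    cn = [v for rdn in cert.get("subject", ())
          for k, v in rdn if k == "commonName"]
    return "subject CN", cn

def domain_accepted(cert, domain):
    """True if the client-side domain setting matches a checked name."""
    _, names = names_checked(cert)
    return any(_suffix_match(n, domain) for n in names)

# Constructed sample certificates (placeholder names, documentation IP range).
CERT_CN_FQDN_SAN_IP = {
    "subject": ((("commonName", "radius.corp.example"),),),
    "subjectAltName": (("IP Address", "192.0.2.10"),),
}
CERT_WITH_DNS_SAN = {
    "subject": ((("commonName", "legacy-name.example"),),),
    "subjectAltName": (("DNS", "radius.corp.example"),
                       ("IP Address", "192.0.2.10")),
}

if __name__ == "__main__":
    domains = ("radius.corp.example", "corp.example",
               "192.0.2.10", "legacy-name.example")
    for label, cert in (("CN=FQDN, SAN=IP only", CERT_CN_FQDN_SAN_IP),
                        ("SAN has dNSName", CERT_WITH_DNS_SAN)):
        source, names = names_checked(cert)
        print(f"{label}: compared against {source} {names}")
        for d in domains:
            print(f"  domain={d!r:24} accepted={domain_accepted(cert, d)}")
```

Under this model the IP address in SAN never satisfies the domain setting, and once a dNSName SAN is present the CN is no longer consulted.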

