EAP-TLS failure with Freeradius 3.2.0 : Failed reading from OpenSSL: ../ssl/record/rec_layer_s3.c[1528]:error:14094438

Arvinder Singh arvinder.singh at gm.com
Thu Jul 28 04:58:58 UTC 2022


Hi Alan,
When using FreeRADIUS 3.2.0 with EAP-TLS, I am seeing the errors below:

"
Tue Jul 26 16:46:02 2022 : Debug: (4) eap_tls: (TLS) EAP Done initial handshake
Tue Jul 26 16:46:02 2022 : Debug: (4) eap_tls: (TLS) recv TLS 1.2 Alert, fatal internal_error
Tue Jul 26 16:46:02 2022 : Debug: (4) eap_tls: (TLS) The client is informing us that there is a failure inside the TLS protocol exchange.
Tue Jul 26 16:46:02 2022 : ERROR: (4) eap_tls: (TLS) Alert read:fatal:internal error
Tue Jul 26 16:46:02 2022 : Debug: (4) eap_tls: (TLS) Server : Need to read more data: error
Tue Jul 26 16:46:02 2022 : ERROR: (4) eap_tls: (TLS) Failed reading from OpenSSL: ../ssl/record/rec_layer_s3.c[1528]:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
Tue Jul 26 16:46:02 2022 : Debug: (4) eap_tls: (TLS) In Handshake Phase
Tue Jul 26 16:46:02 2022 : Debug: (4) eap_tls: (TLS) Application data.
Tue Jul 26 16:46:02 2022 : ERROR: (4) eap_tls: (TLS) Cannot continue, as the peer is misbehaving.
Tue Jul 26 16:46:02 2022 : ERROR: (4) eap_tls: [eaptls process] = fail
Tue Jul 26 16:46:02 2022 : ERROR: (4) eap: Failed continuing EAP TLS (13) session.  EAP sub-module failed
Tue Jul 26 16:46:02 2022 : Debug: (4) eap: Sending EAP Failure (code 4) ID 46 length 4
Tue Jul 26 16:46:02 2022 : Debug: (4) eap: Failed in EAP select
Tue Jul 26 16:46:02 2022 : Debug: (4)     modsingle[authenticate]: returned from eap (rlm_eap)
Tue Jul 26 16:46:02 2022 : Debug: (4)     [eap] = invalid
Tue Jul 26 16:46:02 2022 : Debug: (4)   } # authenticate = invalid
Tue Jul 26 16:46:02 2022 : Debug: (4) Failed to authenticate the user
Tue Jul 26 16:46:02 2022 : Debug: (4) Using Post-Auth-Type Reject

"
I am using Android 12 clients and Netgear WiFi Access Point. EAP-PEAP is working perfectly fine for me.
I am using the default test certificates, ca.pem and user@example.org.pem.
I am unable to debug further as these errors seem to be OpenSSL related. Any guidance for resolution is appreciated.

Attached are the logs from the Radius server.

Best regards,
Arvinder Singh


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: TLS-Error2.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20220728/d889d649/attachment-0001.txt>
