EAP-TLS not working with windows 7

Elias Pereira empbilly at gmail.com
Mon Mar 7 14:29:00 UTC 2022 

hi,

I have set up on our freeradius server EAP-TLS with a user certificate.

I put together the user certificate + key + CA server in a .p12 file.

At first on android, windows 10 and 11 it is working.

My problem is with windows 7.

*The freeradius log shows this:*

Mon Mar  7 10:40:38 2022 : Debug: (46) eap_tls: (TLS) recv TLS 1.3
Handshake, ClientHello
Mon Mar  7 10:40:38 2022 : Debug: (TLS) Ignoring cbtls_msg call with pseudo
content type 256, version 0
Mon Mar  7 10:40:38 2022 : Debug: (TLS) Received 2 bytes of TLS data
Mon Mar  7 10:40:38 2022 : Debug: (TLS)        02 46
Mon Mar  7 10:40:38 2022 : Debug: (46) eap_tls: (TLS) send TLS 1.0 Alert,
fatal protocol_version
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Alert
write:fatal:protocol version
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Server : Error in
error
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Failed reading from
OpenSSL: ../ssl/statem/statem_srvr.c[1661]:error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) System call (I/O)
error (-1)
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) EAP Receive handshake
failed during operation
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: [eaptls process] = fail
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap: Failed continuing EAP TLS (13)
session.  EAP sub-module failed
Mon Mar  7 10:40:38 2022 : Debug: (46) eap: Sending EAP Failure (code 4) ID
82 length 4
Mon Mar  7 10:40:38 2022 : Debug: (46) eap: Failed in EAP select
Mon Mar  7 10:40:38 2022 : Debug: (46)     modsingle[authenticate]:
returned from eap (rlm_eap)
Mon Mar  7 10:40:38 2022 : Debug: (46)     [eap] = invalid
Mon Mar  7 10:40:38 2022 : Debug: (46)   } # authenticate = invalid
Mon Mar  7 10:40:38 2022 : Debug: (46) Failed to authenticate the user

In windows 7 client I looked for some information in the event viewer, but
found nothing.

Anyone else using this method, is having this problem?

-- 
Elias Pereira

More information about the Freeradius-Users mailing list