EAP-TLS not working with windows 7

Jochem Sparla J.Sparla at iolan.com
Mon Mar 7 14:47:02 UTC 2022


Try setting

   cipher_list = "DEFAULT@SECLEVEL=1"
   tls_min_version = "1.0"
   tls_max_version = "1.2"

in eap module configuration

Regards, Jochem



IOLAN B.V. • Mon Plaisir 26 • 4879 AN Etten-Leur • The Netherlands
T +31 (0)76 50 26 100 • F +31 (0)76 50 26 199
E iolan at iolan.com • I http://www.iolan.com/


-----Original message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+j.sparla=iolan.com at lists.freeradius.org] On behalf of Elias Pereira
Sent: Monday 7 March 2022 15:29
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: EAP-TLS not working with windows 7

Hi,

I have set up on our freeradius server EAP-TLS with a user certificate.

I put together the user certificate + key + CA server in a .p12 file.

At first on Android, Windows 10 and 11 it is working.

My problem is with Windows 7.

*The freeradius log shows this:*

Mon Mar  7 10:40:38 2022 : Debug: (46) eap_tls: (TLS) recv TLS 1.3 Handshake, ClientHello
Mon Mar  7 10:40:38 2022 : Debug: (TLS) Ignoring cbtls_msg call with pseudo content type 256, version 0
Mon Mar  7 10:40:38 2022 : Debug: (TLS) Received 2 bytes of TLS data
Mon Mar  7 10:40:38 2022 : Debug: (TLS)        02 46
Mon Mar  7 10:40:38 2022 : Debug: (46) eap_tls: (TLS) send TLS 1.0 Alert, fatal protocol_version
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Alert write:fatal:protocol version
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Server : Error in error
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Failed reading from OpenSSL: ../ssl/statem/statem_srvr.c[1661]:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) System call (I/O) error (-1)
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) EAP Receive handshake failed during operation
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: [eaptls process] = fail
Mon Mar  7 10:40:38 2022 : ERROR: (46) eap: Failed continuing EAP TLS (13) session.  EAP sub-module failed
Mon Mar  7 10:40:38 2022 : Debug: (46) eap: Sending EAP Failure (code 4) ID 82 length 4
Mon Mar  7 10:40:38 2022 : Debug: (46) eap: Failed in EAP select
Mon Mar  7 10:40:38 2022 : Debug: (46)     modsingle[authenticate]: returned from eap (rlm_eap)
Mon Mar  7 10:40:38 2022 : Debug: (46)     [eap] = invalid
Mon Mar  7 10:40:38 2022 : Debug: (46)   } # authenticate = invalid
Mon Mar  7 10:40:38 2022 : Debug: (46) Failed to authenticate the user

On the Windows 7 client I looked for some information in the Event Viewer, but found nothing.

Is anyone else using this method having this problem?

--
Elias Pereira
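
Added example (not part of either message, and not FreeRADIUS code): a Python script that rebuilds one log entry per timestamp from debug output pasted wrapped or run together, as in the log quoted above, and reports per request which TLS alert and OpenSSL reason ended the EAP-TLS handshake. The function names are this example's own; SAMPLE is an excerpt of the log quoted above.

```python
import re
from collections import defaultdict

# Every entry starts with a ctime-style stamp, e.g. "Mon Mar  7 10:40:38 2022 : "
STAMP = re.compile(r"(?=[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} : )")
ENTRY = re.compile(r"^(?P<ts>.{24}) : (?P<level>\w+): (?:\((?P<req>\d+)\)\s*)?(?P<msg>.*)$")
ALERT = re.compile(r"\(TLS\) send TLS (?P<ver>[\d.]+) Alert, (?P<sev>\w+) (?P<desc>\w+)")
OSSL = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):SSL routines:(?P<func>\w+):(?P<reason>.+)$")

def entries(raw):
    """Yield one dict per log entry, undoing mail wrapping and joined entries."""
    flat = " ".join(line.strip() for line in raw.splitlines() if line.strip())
    for chunk in STAMP.split(flat):
        m = ENTRY.match(chunk.strip())
        if m:
            yield m.groupdict()

def tls_failures(raw):
    """Map request id -> details of the TLS failure seen for that request."""
    found = defaultdict(dict)
    for e in entries(raw):
        req, msg = e["req"], e["msg"]
        if req is None:          # entries without "(N)" cannot be tied to a request
            continue
        if (m := ALERT.search(msg)):
            found[req].update(alert=m["desc"], severity=m["sev"], record_version=m["ver"])
        if (m := OSSL.search(msg)):
            found[req].update(openssl_func=m["func"], openssl_reason=m["reason"].strip())
        if "Failed to authenticate the user" in msg:
            found[req]["rejected"] = True
    # Keep only requests where a TLS alert or an OpenSSL error was logged
    return {r: d for r, d in found.items() if "alert" in d or "openssl_reason" in d}

# Excerpt of the log quoted above, left wrapped and run together on purpose
SAMPLE = """\
Mon Mar  7 10:40:38 2022 : Debug: (46) eap_tls: (TLS) send TLS 1.0 Alert, fatal protocol_version Mon Mar  7 10:40:38 2022 : ERROR: (46) eap_tls: (TLS) Failed reading from
OpenSSL: ../ssl/statem/statem_srvr.c[1661]:error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol Mon Mar  7 10:40:38 2022 : Debug: (46) Failed to authenticate the user
"""

if __name__ == "__main__":
    for req, detail in tls_failures(SAMPLE).items():
        print(req, detail)
```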