RADSEC / TLS errors but not sure why

Alan DeKok aland at deployingradius.com
Mon Aug 7 18:56:18 UTC 2023 

On Aug 7, 2023, at 1:38 PM, James Wood via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> The error isn't different. I just didn't include the client side error in
> my original post. To confirm:

  OK.

> (0) ERROR: (TLS) Failed reading from OpenSSL: error:1408A0C1:SSL
> routines:ssl3_get_client_hello:no shared cipher

  That's pretty definitive.

> The client is sending 31 ciphers, all of which are also available on
> the server side. I don't know why the server isn't selecting a cipher
> and allowing the handshake.

  OpenSSL negotiation isn't trivial.

> The server supports all of these, it's an out the box openssl build.
> 
> TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-25
> 6-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA

  Does *OpenSSL* support this, or have you configured the server to support this?  Those are two different questions.

  You can configure the server to support a restricted set of ciphers, which is a subset of the above list.  Sometimes this is as easy as using a particular kind of certificate.  For example, if you have an EC cert, then none of the RSA cipher methods listed above will work.  If you disable SHA256, then all of the SHA256 methods won't work.

> Are you suggesting that something is misconfigured which means they
> can't agree on a cipher?

  Yes.

  Somehow the server is using a subset of the above list.  And that subset has no overlap with what the client is sending.

  If I had to guess, the client only supports RSA methods, and the server is using an EC certificate.  So there's no overlap, and nothing happens.

  But without more information, it's impossible to know.

  Alan DeKok.

More information about the Freeradius-Users mailing list