eap PEAP + tls 1.3

Alan DeKok aland at deployingradius.com
Wed Feb 8 17:39:23 UTC 2023


On Feb 8, 2023, at 12:09 PM, dextá <dexter7bbot at gmail.com> wrote:
> Windows 11 22h2 does not connect via eap PEAP.
> 
> I checked that in freeradius version 3.2.1 PEAP supports tls 1.3, but still
> the error below occurs.

  What version of OpenSSL is on your system?

> ...
> (14) eap_peap: (TLS) send TLS 1.3 Alert, fatal bad_record_mac
> (14) eap_peap: ERROR: (TLS) Alert write:fatal:bad record mac
> (14) eap_peap: (TLS) Server : Need to read more data: error
> (14) eap_peap: ERROR: (TLS) Failed reading from OpenSSL: error:1408F119:SSL
> routines:ssl3_get_record:decryption failed or bad record mac

  That's an error in TLS.  It looks like Windows is not doing TLS properly.

  It is very difficult to understand what else might be going on when your message contains very little information.

  So... what else did you configure?  What kind of certificates are you using?

  Is there any *other* information you can provide, which is more than "I got an error and it doesn't work" ?

  Alan DeKok.



More information about the Freeradius-Users mailing list