eap PEAP + tls 1.3
dextá
dexter7bbot at gmail.com
Thu Feb 9 16:45:23 UTC 2023
hello Alan,
Sorry for the lack of information.
With your question about the openssl version I was able to solve it.
I was using a docker image with ubuntu 20.x and openssl version was 2020.
I remade the Dockerfile with a debian 11 and openssl version 2022 and
windows 11 20h2 managed to connect via tls 1.3
Thanks!!!
Em qua., 8 de fev. de 2023 às 14:39, Alan DeKok <aland at deployingradius.com>
escreveu:
> On Feb 8, 2023, at 12:09 PM, dextá <dexter7bbot at gmail.com> wrote:
> > Windows 11 22h2 does not connect via eap PEAP.
> >
> > I checked that in freeradius version 3.2.1 PEAP supports tls 1.3, but
> still
> > the error below occurs.
>
> What version of OpenSSL is on your system?
>
> > ...
> > (14) eap_peap: (TLS) send TLS 1.3 Alert, fatal bad_record_mac
> > (14) eap_peap: ERROR: (TLS) Alert write:fatal:bad record mac
> > (14) eap_peap: (TLS) Server : Need to read more data: error
> > (14) eap_peap: ERROR: (TLS) Failed reading from OpenSSL:
> error:1408F119:SSL
> > routines:ssl3_get_record:decryption failed or bad record mac
>
> That's an error in TLS. It looks like Windows is not doing TLS properly.
>
> It is very difficult to understand what else might be going on when your
> message contains very little information.
>
> So... what else did you configure? What kind of certificates are you
> using?
>
> Is there any *other* information you can provide, which is more than "I
> got an error and it doesn't work" ?
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list