EAP-TEAP not doing 2nd inner Method
petr.linke at seznam.cz
Wed Dec 4 11:07:20 UTC 2024
From: Martin B. via Freeradius-Users <freeradius-users at lists.freeradius.org>
Subject: EAP-TEAP not doing 2nd inner Method
"(1) eap_teap: (TLS) EAP Got final fragment (156 bytes)
(1) eap_teap: WARNING: (TLS) EAP Total received record fragments (156
bytes), does not equal expected expected data length (0 bytes)
(1) eap_teap: (TLS) EAP Done initial handshake
(1) eap_teap: (TLS) TEAP - Handshake state - before SSL initialization
(1) eap_teap: (TLS) TEAP - Handshake state - Server before SSL
initialization
(1) eap_teap: (TLS) TEAP - Handshake state - Server before SSL
initialization
(1) eap_teap: (TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
Client sends TLS 1.3 handshake
"(1) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read client
hello
(1) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
RADIUS response with TLS 1.2 handshake (tls_max_version = "1.2" is set in
the RADIUS config)
I haven't seen the full debug dump, but it looks like the Windows supplicant is
not responding to the handshake with TLS version 1.2. A possible solution is to
either set the Windows client to use only TLS 1.2 (registry settings
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]),
or set tls_max_version = "1.3" in the RADIUS configuration. But be careful here:
as far as I know, Windows still does not support session resumption in TLS 1.3.
Petr
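
Added example, not part of the original message or of FreeRADIUS: a small Python check that scans debug output for the pattern described above, a request whose logged ClientHello version differs from the logged ServerHello version. It assumes the `eap_teap` line format quoted in this thread; the sample log is constructed from those lines, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# TLS message lines in the format quoted in the thread, e.g.
# "(1) eap_teap: (TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
MSG_RE = re.compile(
    r"\((?P<req>\d+)\)\s+eap_teap: \(TLS\) TEAP - (?:recv|send) "
    r"TLS (?P<ver>\d\.\d) Handshake, (?P<msg>ClientHello|ServerHello)"
)
PREFIX_RE = re.compile(r"^\(\d+\)\s")  # "(N) " request prefix


def unwrap(text):
    """Re-join lines wrapped by a mail client: a line without a "(N) "
    request prefix is treated as the continuation of the previous line."""
    lines = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        if PREFIX_RE.match(raw) or not lines:
            lines.append(raw)
        else:
            lines[-1] += " " + raw
    return lines


def version_mismatches(text):
    """Return [(request_id, client_version, server_version)] for requests
    whose logged ClientHello and ServerHello versions differ."""
    seen = defaultdict(dict)
    for line in unwrap(text):
        m = MSG_RE.search(line)
        if m:
            seen[int(m["req"])][m["msg"]] = m["ver"]
    return [
        (req, msgs["ClientHello"], msgs["ServerHello"])
        for req, msgs in sorted(seen.items())
        if {"ClientHello", "ServerHello"} <= msgs.keys()
        and msgs["ClientHello"] != msgs["ServerHello"]
    ]


# Constructed sample (includes mail-style line wraps); request 2 is a control.
SAMPLE = """
(1) eap_teap: (TLS) TEAP - recv TLS 1.3 Handshake, ClientHello
(1) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read client
hello
(1) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake,
ServerHello
(2) eap_teap: (TLS) TEAP - recv TLS 1.2 Handshake, ClientHello
(2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerHello
"""
```

Calling `version_mismatches()` on a saved debug log lists the request IDs to inspect first when a supplicant stops answering after the ServerHello.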