openssl FIPS mode
Timothy J. Ebben
tebben at freeporttech.com
Thu Nov 7 18:02:34 UTC 2024
I have set up a FreeRADIUS server to interface with a Cisco managed switch. I am able to authenticate supplicants using the EAP-TLS protocol. When I activate FIPS mode in openssl (v3.1.5), I get the following debug output:
Ready to process requests
(5) Received Access-Request Id 62 from 192.168.5.132:49205 to 192.168.5.83:1812 length 131
Dropping packet without response because of error: Received packet from 192.168.5.132 with invalid Message-Authenticator! (Shared secret is incorrect.) (from client cisco)
I know the shared secret is correct, because it works when not in FIPS mode. The shared secret is 15 characters long and includes uppercase and lowercase letters, numbers, and special characters.
Do I need additional configuration?
More information about the Freeradius-Users
mailing list