openssl FIPS mode

Timothy J. Ebben tebben at freeporttech.com
Thu Nov 7 18:06:01 UTC 2024


More information:  FreeRADIUS version 3.0.26

-----Original Message-----
From: Timothy J. Ebben 
Sent: Thursday, November 7, 2024 12:03 PM
To: freeradius-users at lists.freeradius.org
Subject: openssl FIPS mode

I have set up a FreeRADIUS server to interface with a Cisco managed switch.  I am able to authenticate supplicants using the EAP-TLS protocol.  When I activate FIPS mode in openssl (v3.1.5), I get the following debug output:

Ready to process requests
(5) Received Access-Request Id 62 from 192.168.5.132:49205 to 192.168.5.83:1812 length 131
Dropping packet without response because of error: Received packet from 192.168.5.132 with invalid Message-Authenticator!  (Shared secret is incorrect.) (from client cisco)

I know the shared secret is correct, because it works when not in FIPS mode.  The shared secret is 15 characters long and includes uppercase and lowercase letters, numbers, and special characters.

Do I need additional configuration?
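
Added example, not part of the original message and not FreeRADIUS code: how the Message-Authenticator named in the debug output is checked per RFC 2869 section 5.14, which defines it as HMAC-MD5 over the whole packet, keyed with the shared secret, with the attribute's 16 value bytes zeroed. The packet, secret and function names are constructed for illustration; the check reports an unavailable MD5 digest separately from a real mismatch.

```python
import hmac
import os
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869, section 5.14)

def _find_msg_auth(packet: bytes) -> int:
    """Return the offset of the 16-byte Message-Authenticator value, or -1."""
    pos = 20  # attributes follow the 20-byte RADIUS header
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            return -1  # malformed attribute list
        if atype == MSG_AUTH and alen == 18:
            return pos + 2
        pos += alen
    return -1

def check_message_authenticator(packet: bytes, secret: bytes) -> str:
    """Return 'valid', 'mismatch', 'missing' or 'md5-unavailable'."""
    if len(packet) < 20:
        return "missing"
    packet = packet[:struct.unpack("!H", packet[2:4])[0]]  # honour Length field
    off = _find_msg_auth(packet)
    if off < 0:
        return "missing"
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    try:
        expected = hmac.new(secret, zeroed, "md5").digest()
    except ValueError:
        # Python raises ValueError when the crypto library does not offer MD5.
        return "md5-unavailable"
    ok = hmac.compare_digest(expected, packet[off:off + 16])
    return "valid" if ok else "mismatch"

def build_access_request(ident: int, secret: bytes) -> bytes:
    """Constructed sample: Access-Request with User-Name + Message-Authenticator."""
    user = b"supplicant"  # constructed value
    attrs = bytes([1, 2 + len(user)]) + user + bytes([MSG_AUTH, 18]) + bytes(16)
    packet = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16) + attrs
    mac = hmac.new(secret, packet, "md5").digest()  # value field is still zero here
    return packet[:-16] + mac

if __name__ == "__main__":
    pkt = build_access_request(62, b"constructed-secret")
    print(check_message_authenticator(pkt, b"constructed-secret"))
    print(check_message_authenticator(pkt, b"some-other-secret"))
```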

