TLS errors and clients sometimes rejected

Rodrigo Abrantes Antunes rodrigoantunes at pelotas.ifsul.edu.br
Tue Sep 17 14:31:20 UTC 2024 

Hi, sometimes clients are rejected with the errors below, and  
sometimes the same clients are accepted. I thought that this could be  
because of old clients and then defined this but the errors continued:

cipher_list = "DEFAULT at SECLEVEL=0"
tls_min_version = "1.0"
tls_max_version = "1.2"

Any ideas what might be going wrong?

Freeradius 3.2.1

(911) eap_peap: (TLS) send TLS 1.2 Alert, fatal protocol_version
(911) eap_peap: ERROR: (TLS) Alert write:fatal:protocol version
(911) eap_peap: ERROR: (TLS) Error in fragmentation logic - code 1
(911) eap_peap: ERROR: (TLS) Failed reading application data from  
OpenSSL: error:0A00010B:SSL routines::wrong version number
(911) eap_peap: ERROR: (TLS) System call (I/O) error (-1)
(911) eap_peap: ERROR: [eaptls process] = fail
(911) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP  
sub-module failed

(6470) eap_peap: (TLS) send TLS 1.0 Alert, fatal protocol_version
(6470) eap_peap: ERROR: (TLS) Alert write:fatal:protocol version
(6470) eap_peap: (TLS) Server : Need to read more data: error
(6470) eap_peap: ERROR: (TLS) Failed reading from OpenSSL:  
error:0A00010B:SSL routines::wrong version number
(6470) eap_peap: ERROR: (TLS) System call (I/O) error (-1)
(6470) eap_peap: ERROR: (TLS) EAP Receive handshake failed during operation
(6470) eap_peap: ERROR: [eaptls process] = fail
(6470) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP  
sub-module failed

(7412) eap_peap: (TLS) recv TLS 1.2 Alert, fatal internal_error
(7412) eap_peap: (TLS) The client is informing us that there is a  
failure inside the TLS protocol exchange.
(7412) eap_peap: ERROR: (TLS) Alert read:fatal:internal error
(7412) eap_peap: (TLS) Server : Need to read more data: error
(7412) eap_peap: ERROR: (TLS) Failed reading from OpenSSL:  
error:0A000438:SSL routines::tlsv1 alert internal error
(7412) eap_peap: (TLS) In Handshake Phase
(7412) eap_peap: (TLS) Application data.
(7412) eap_peap: ERROR: (TLS) Cannot continue, as the peer is misbehaving.
(7412) eap_peap: ERROR: [eaptls process] = fail
(7412) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP  
sub-module failed

More information about the Freeradius-Users mailing list