TLS errors and clients sometimes rejected
Alan DeKok
aland at deployingradius.com
Tue Sep 17 14:51:14 UTC 2024
On Sep 17, 2024, at 10:31 AM, Rodrigo Abrantes Antunes <rodrigoantunes at pelotas.ifsul.edu.br> wrote:
> Hi, sometimes clients are rejected with the errors below, and sometimes the same clients are accepted. I thought that this could be because of old clients and then defined this but the errors continued:
>
> cipher_list = "DEFAULT@SECLEVEL=0"
> tls_min_version = "1.0"
> tls_max_version = "1.2"
>
> Any ideas what might be going wrong?
The client is saying it doesn't like FreeRADIUS, or vice-versa.
> Freeradius 3.2.1
>
> (911) eap_peap: (TLS) send TLS 1.2 Alert, fatal protocol_version
FreeRADIUS doesn't like the TLS version used by the client.
> (7412) eap_peap: (TLS) recv TLS 1.2 Alert, fatal internal_error
> (7412) eap_peap: (TLS) The client is informing us that there is a failure inside the TLS protocol exchange.
The client doesn't like the data that FreeRADIUS sends.
There's little to do except upgrade the client.
Alan DeKok.
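
Added example, not part of the original message and not FreeRADIUS code: a small Python triage script that reads debug output in the format quoted above and counts TLS alerts by which side raised them ("send" is FreeRADIUS, "recv" is the client). The function names are hypothetical, and the line format is assumed to match the lines quoted in this thread.

```python
import re
from collections import Counter

# Matches FreeRADIUS debug lines of the form quoted in the thread:
#   (911) eap_peap: (TLS) send TLS 1.2 Alert, fatal protocol_version
ALERT_RE = re.compile(
    r"\((?P<req>\d+)\)\s+(?P<module>\w+):\s+\(TLS\)\s+"
    r"(?P<direction>send|recv)\s+TLS\s+(?P<version>[\d.]+)\s+Alert,\s+"
    r"(?P<level>\w+)\s+(?P<alert>\w+)"
)

# "send" means FreeRADIUS raised the alert, "recv" means the client did.
RAISED_BY = {"send": "server", "recv": "client"}


def parse_alerts(lines):
    """Return one dict per TLS alert line; all other lines are ignored."""
    alerts = []
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            alert = m.groupdict()
            alert["req"] = int(alert["req"])
            alert["raised_by"] = RAISED_BY[alert["direction"]]
            alerts.append(alert)
    return alerts


def summarize(alerts):
    """Count alerts by (who raised it, alert name)."""
    return Counter((a["raised_by"], a["alert"]) for a in alerts)


# Sample input: the log lines from the thread plus one constructed non-alert line.
SAMPLE_LOG = """\
(911) eap_peap: (TLS) send TLS 1.2 Alert, fatal protocol_version
(7412) eap_peap: (TLS) recv TLS 1.2 Alert, fatal internal_error
(7412) eap_peap: (TLS) The client is informing us that there is a failure inside the TLS protocol exchange.
(7413) eap_peap: (TLS) constructed line with no alert in it
""".splitlines()

if __name__ == "__main__":
    for (who, alert), count in sorted(summarize(parse_alerts(SAMPLE_LOG)).items()):
        print(f"{count:4d}  raised by {who:<6}  {alert}")
```

Alerts raised by the server point at the FreeRADIUS TLS settings; alerts raised by the client point at the client device.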