Unable to complete TLS handshake with iwd client

Pat Pat pat97040 at gmail.com
Sun Mar 23 03:37:20 UTC 2025


I am trying to use FreeRADIUS with WPA2-EAP. I have Android clients
working, but using IWD it seems to fail with a TLS handshake error.


Ready to process requests
Threads: total/active/spare threads = 2/0/2
Waking up in 0.3 seconds.
Thread 1 got semaphore
Thread 1 handling request 0, (1 handled so far)
(0) Received Access-Request Id 0 from 192.168.2.2:44444 to
192.168.2.1:1812 length 117
(0)   User-Name = "as"
(0)   NAS-IP-Address = 192.168.2.2
(0)   Called-Station-Id = "b4378330fc3b"
(0)   Calling-Station-Id = "5a5b3135062e"
(0)   NAS-Identifier = "b4378330fc3b"
(0)   NAS-Port = 29
(0)   Framed-MTU = 1400
(0)   NAS-Port-Type = Wireless-802.11
(0)   EAP-Message = 0x02000007016173
(0)   Message-Authenticator = 0x03105277799198b5f2c8e05d953827e8
(0) session-state: No State attribute
(0) # Executing section authorize from file /etc/raddb/radiusd.conf
(0)   authorize {
(0)     modsingle[authorize]: calling eap (rlm_eap)
(0) eap: Peer sent EAP Response (code 2) ID 0 length 7
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit
the rest of authorize
(0)     modsingle[authorize]: returned from eap (rlm_eap)
(0)     [eap] = ok
(0)   } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/raddb/radiusd.conf
(0)   authenticate {
(0)     modsingle[authenticate]: calling eap (rlm_eap)
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_tls to process data
(0) eap_tls: (TLS) TLS -Initiating new session
(0) eap_tls: (TLS) TLS - Setting verify mode to require certificate from client
(0) eap_tls: [eaptls start] = request
(0) eap: Sending EAP Request (code 1) ID 1 length 10
(0) eap: EAP session adding &reply:State = 0xdfcd0373dfcc0e53
(0)     modsingle[authenticate]: returned from eap (rlm_eap)
(0)     [eap] = handled
(0)   } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found.  Ignoring.
(0) session-state: Saving cached attributes
(0)   Framed-MTU = 1014
(0) Sent Access-Challenge Id 0 from 192.168.2.1:1812 to
192.168.2.2:44444 length 68
(0)   EAP-Message = 0x0101000a0da000000000
(0)   Message-Authenticator = 0x00000000000000000000000000000000
(0)   State = 0xdfcd0373dfcc0e53057e01be00df4fb0
(0) Finished request
Thread 1 waiting to be assigned a request
(0) Cleaning up request packet ID 0 with timestamp +16 due to
conflicting packet was received
Waking up in 0.3 seconds.
Thread 2 got semaphore
Thread 2 handling request 1, (1 handled so far)
(1) Received Access-Request Id 0 from 192.168.2.2:44444 to
192.168.2.1:1812 length 265
(1)   User-Name = "as"
(1)   NAS-IP-Address = 192.168.2.2
(1)   Called-Station-Id = "b4378330fc3b"
(1)   Calling-Station-Id = "5a5b3135062e"
(1)   NAS-Identifier = "b4378330fc3b"
(1)   NAS-Port = 29
(1)   Framed-MTU = 1400
(1)   State = 0xdfcd0373dfcc0e53057e01be00df4fb0
(1)   NAS-Port-Type = Wireless-802.11
(1)   EAP-Message =
0x020100890d00160301007e0100007a030367df7cae99f0e7e4fba4bb3181d9255fb4e4053b47f21d704f41904b9a089dc400002ac014c013003900330035002fc028c027006b0067003d003cc030c02f009f009e009d009cc0120016000a0100002700
(1)   Message-Authenticator = 0x15eed9703faadf1d00a6dfe52a3e6807
(1) Restoring &session-state
(1)   &session-state:Framed-MTU = 1014
(1) # Executing section authorize from file /etc/raddb/radiusd.conf
(1)   authorize {
(1)     modsingle[authorize]: calling eap (rlm_eap)
(1) eap: Peer sent EAP Response (code 2) ID 1 length 137
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1)     modsingle[authorize]: returned from eap (rlm_eap)
(1)     [eap] = updated
(1)   } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/raddb/radiusd.conf
(1)   authenticate {
(1)     modsingle[authenticate]: calling eap (rlm_eap)
(1) eap: Removing EAP session with state 0xdfcd0373dfcc0e53
(1) eap: Previous EAP request found for state 0xdfcd0373dfcc0e53,
released from the list
(1) eap: Peer sent packet with method EAP TLS (13)
(1) eap: Calling submodule eap_tls to process data
(1) eap_tls: (TLS) EAP Continuing ...
(1) eap_tls: (TLS) EAP Peer sent flags ---
(1) eap_tls: (TLS) EAP Got final fragment (131 bytes)
WARNING: (1) eap_tls: (TLS) EAP Total received record fragments (131
bytes), does not equal expected expected data length (0 bytes)
(1) eap_tls: (TLS) EAP Verification says ok
(1) eap_tls: (TLS) EAP Done initial handshake
(1) eap_tls: (TLS) TLS - Handshake state [PINIT] - before SSL initialization (0)
(1) eap_tls: (TLS) TLS - Handshake state [PINIT] - Server before SSL
initialization (0)
(TLS) Ignoring cbtls_msg call with pseudo content type 256, version 00000301
(1) eap_tls: (TLS) TLS - Handshake state [PINIT] - Server before SSL
initialization (0)
(TLS) Received 126 bytes of TLS data
(TLS)        01 00 00 7a 03 03 67 df 7c ae 99 f0 e7 e4 fb a4
(TLS)        bb 31 81 d9 25 5f b4 e4 05 3b 47 f2 1d 70 4f 41
(TLS)        90 4b 9a 08 9d c4 00 00 2a c0 14 c0 13 00 39 00
(TLS)        33 00 35 00 2f c0 28 c0 27 00 6b 00 67 00 3d 00
(TLS)        3c c0 30 c0 2f 00 9f 00 9e 00 9d 00 9c c0 12 00
(TLS)        16 00 0a 01 00 00 27 00 0a 00 10 00 0e 00 17 00
(TLS)        18 01 00 01 01 01 02 01 03 01 04 00 0d 00 0a 00
(TLS)        08 05 01 04 01 01 01 02 01 ff 01 00 01 00
(1) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello
(TLS) Ignoring cbtls_msg call with pseudo content type 256, version 00000303
(TLS) Received 2 bytes of TLS data
(TLS)        02 28
(1) eap_tls: (TLS) TLS - send TLS 1.2 Alert, fatal handshake_failure
ERROR: (1) eap_tls: (TLS) TLS - Alert write:fatal:handshake failure
ERROR: (1) eap_tls: (TLS) TLS - Server : Error in error
(1) eap_tls: Server preferred ciphers (by priority)
(1) eap_tls: (TLS)    [0] TLS_AES_256_GCM_SHA384
(1) eap_tls: (TLS)    [1] TLS_AES_128_GCM_SHA256
(1) eap_tls: (TLS)    [2] ECDHE-ECDSA-AES256-GCM-SHA384
(1) eap_tls: (TLS)    [3] ECDHE-RSA-AES256-GCM-SHA384
(1) eap_tls: (TLS)    [4] DHE-DSS-AES256-GCM-SHA384
(1) eap_tls: (TLS)    [5] DHE-RSA-AES256-GCM-SHA384
(1) eap_tls: (TLS)    [6] ECDHE-ECDSA-AES256-CCM
(1) eap_tls: (TLS)    [7] DHE-RSA-AES256-CCM
(1) eap_tls: (TLS)    [8] ECDHE-ECDSA-ARIA256-GCM-SHA384
(1) eap_tls: (TLS)    [9] ECDHE-ARIA256-GCM-SHA384
(1) eap_tls: (TLS)    [10] DHE-DSS-ARIA256-GCM-SHA384
(1) eap_tls: (TLS)    [11] DHE-RSA-ARIA256-GCM-SHA384
(1) eap_tls: (TLS)    [12] ADH-AES256-GCM-SHA384
(1) eap_tls: (TLS)    [13] ECDHE-ECDSA-AES128-GCM-SHA256
(1) eap_tls: (TLS)    [14] ECDHE-RSA-AES128-GCM-SHA256
(1) eap_tls: (TLS)    [15] DHE-DSS-AES128-GCM-SHA256
(1) eap_tls: (TLS)    [16] DHE-RSA-AES128-GCM-SHA256
(1) eap_tls: (TLS)    [17] ECDHE-ECDSA-AES128-CCM
(1) eap_tls: (TLS)    [18] DHE-RSA-AES128-CCM
(1) eap_tls: (TLS)    [19] ECDHE-ECDSA-ARIA128-GCM-SHA256
(1) eap_tls: (TLS)    [20] ECDHE-ARIA128-GCM-SHA256
(1) eap_tls: (TLS)    [21] DHE-DSS-ARIA128-GCM-SHA256
(1) eap_tls: (TLS)    [22] DHE-RSA-ARIA128-GCM-SHA256
(1) eap_tls: (TLS)    [23] ADH-AES128-GCM-SHA256
(1) eap_tls: (TLS)    [24] ECDHE-ECDSA-AES256-SHA384
(1) eap_tls: (TLS)    [25] ECDHE-RSA-AES256-SHA384
(1) eap_tls: (TLS)    [26] DHE-RSA-AES256-SHA256
(1) eap_tls: (TLS)    [27] DHE-DSS-AES256-SHA256
(1) eap_tls: (TLS)    [28] ECDHE-ECDSA-CAMELLIA256-SHA384
(1) eap_tls: (TLS)    [29] ECDHE-RSA-CAMELLIA256-SHA384
(1) eap_tls: (TLS)    [30] DHE-RSA-CAMELLIA256-SHA256
(1) eap_tls: (TLS)    [31] DHE-DSS-CAMELLIA256-SHA256
(1) eap_tls: (TLS)    [32] ADH-AES256-SHA256
(1) eap_tls: (TLS)    [33] ADH-CAMELLIA256-SHA256
(1) eap_tls: (TLS)    [34] ECDHE-ECDSA-AES128-SHA256
(1) eap_tls: (TLS)    [35] ECDHE-RSA-AES128-SHA256
(1) eap_tls: (TLS)    [36] DHE-RSA-AES128-SHA256
(1) eap_tls: (TLS)    [37] DHE-DSS-AES128-SHA256
(1) eap_tls: (TLS)    [38] ECDHE-ECDSA-CAMELLIA128-SHA256
(1) eap_tls: (TLS)    [39] ECDHE-RSA-CAMELLIA128-SHA256
(1) eap_tls: (TLS)    [40] DHE-RSA-CAMELLIA128-SHA256
(1) eap_tls: (TLS)    [41] DHE-DSS-CAMELLIA128-SHA256
(1) eap_tls: (TLS)    [42] ADH-AES128-SHA256
(1) eap_tls: (TLS)    [43] ADH-CAMELLIA128-SHA256
(1) eap_tls: (TLS)    [44] ECDHE-ECDSA-AES256-SHA
(1) eap_tls: (TLS)    [45] ECDHE-RSA-AES256-SHA
(1) eap_tls: (TLS)    [46] DHE-RSA-AES256-SHA
(1) eap_tls: (TLS)    [47] DHE-DSS-AES256-SHA
(1) eap_tls: (TLS)    [48] DHE-RSA-CAMELLIA256-SHA
(1) eap_tls: (TLS)    [49] DHE-DSS-CAMELLIA256-SHA
(1) eap_tls: (TLS)    [50] AECDH-AES256-SHA
(1) eap_tls: (TLS)    [51] ADH-AES256-SHA
(1) eap_tls: (TLS)    [52] ADH-CAMELLIA256-SHA
(1) eap_tls: (TLS)    [53] ECDHE-ECDSA-AES128-SHA
(1) eap_tls: (TLS)    [54] ECDHE-RSA-AES128-SHA
(1) eap_tls: (TLS)    [55] DHE-RSA-AES128-SHA
(1) eap_tls: (TLS)    [56] DHE-DSS-AES128-SHA
(1) eap_tls: (TLS)    [57] DHE-RSA-CAMELLIA128-SHA
(1) eap_tls: (TLS)    [58] DHE-DSS-CAMELLIA128-SHA
(1) eap_tls: (TLS)    [59] AECDH-AES128-SHA
(1) eap_tls: (TLS)    [60] ADH-AES128-SHA
(1) eap_tls: (TLS)    [61] ADH-CAMELLIA128-SHA
(1) eap_tls: (TLS)    [62] AES256-GCM-SHA384
(1) eap_tls: (TLS)    [63] AES256-CCM
(1) eap_tls: (TLS)    [64] ARIA256-GCM-SHA384
(1) eap_tls: (TLS)    [65] AES128-GCM-SHA256
(1) eap_tls: (TLS)    [66] AES128-CCM
(1) eap_tls: (TLS)    [67] ARIA128-GCM-SHA256
(1) eap_tls: (TLS)    [68] AES256-SHA256
(1) eap_tls: (TLS)    [69] CAMELLIA256-SHA256
(1) eap_tls: (TLS)    [70] AES128-SHA256
(1) eap_tls: (TLS)    [71] CAMELLIA128-SHA256
(1) eap_tls: (TLS)    [72] SRP-DSS-AES-256-CBC-SHA
(1) eap_tls: (TLS)    [73] SRP-RSA-AES-256-CBC-SHA
(1) eap_tls: (TLS)    [74] SRP-AES-256-CBC-SHA
(1) eap_tls: (TLS)    [75] AES256-SHA
(1) eap_tls: (TLS)    [76] CAMELLIA256-SHA
(1) eap_tls: (TLS)    [77] SRP-DSS-AES-128-CBC-SHA
(1) eap_tls: (TLS)    [78] SRP-RSA-AES-128-CBC-SHA
(1) eap_tls: (TLS)    [79] SRP-AES-128-CBC-SHA
(1) eap_tls: (TLS)    [80] AES128-SHA
(1) eap_tls: (TLS)    [81] CAMELLIA128-SHA
(1) eap_tls: (TLS) TLS - Client preferred ciphers (by priority)
(1) eap_tls: (TLS)    [0] ECDHE-RSA-AES256-SHA
(1) eap_tls: (TLS)    [1] ECDHE-RSA-AES128-SHA
(1) eap_tls: (TLS)    [2] DHE-RSA-AES256-SHA
(1) eap_tls: (TLS)    [3] DHE-RSA-AES128-SHA
(1) eap_tls: (TLS)    [4] AES256-SHA
(1) eap_tls: (TLS)    [5] AES128-SHA
(1) eap_tls: (TLS)    [6] ECDHE-RSA-AES256-SHA384
(1) eap_tls: (TLS)    [7] ECDHE-RSA-AES128-SHA256
(1) eap_tls: (TLS)    [8] DHE-RSA-AES256-SHA256
(1) eap_tls: (TLS)    [9] DHE-RSA-AES128-SHA256
(1) eap_tls: (TLS)    [10] AES256-SHA256
(1) eap_tls: (TLS)    [11] AES128-SHA256
(1) eap_tls: (TLS)    [12] ECDHE-RSA-AES256-GCM-SHA384
(1) eap_tls: (TLS)    [13] ECDHE-RSA-AES128-GCM-SHA256
(1) eap_tls: (TLS)    [14] DHE-RSA-AES256-GCM-SHA384
(1) eap_tls: (TLS)    [15] DHE-RSA-AES128-GCM-SHA256
(1) eap_tls: (TLS)    [16] AES256-GCM-SHA384
(1) eap_tls: (TLS)    [17] AES128-GCM-SHA256
ERROR: (1) eap_tls: (TLS) Failed reading from OpenSSL:
ssl/statem/statem_srvr.c[2312]:error:0A0000C1:lib(20)::reason(193)
ERROR: (1) eap_tls: (TLS) System call (I/O) error (-1)
ERROR: (1) eap_tls: (TLS) EAP Receive handshake failed during operation
ERROR: (1) eap_tls: [eaptls process] = fail
ERROR: (1) eap: Failed continuing EAP TLS (13) session.  EAP sub-module failed
(1) eap: Sending EAP Failure (code 4) ID 1 length 4
(1) eap: Failed in EAP select
(1)     modsingle[authenticate]: returned from eap (rlm_eap)
(1)     [eap] = invalid
(1)   } # authenticate = invalid
(1) Failed to authenticate the user
(1) Using Post-Auth-Type Reject
(1) Post-Auth-Type sub-section not found.  Ignoring.
 (1) Login incorrect (eap_tls: (TLS) TLS - Alert write:fatal:handshake
failure): [as] (from client ac port 29 cli 5a5b3135062e)
(1) Delaying response for 5.000000 seconds
Thread 2 waiting to be assigned a request
Waking up in 4.6 seconds.
(1) Sending delayed response
(1) Sent Access-Reject Id 0 from 192.168.2.1:1812 to 192.168.2.2:44444 length 44
(1)   EAP-Message = 0x04010004
(1)   Message-Authenticator = 0x00000000000000000000000000000000
(1) Cleaning up request packet ID 0 with timestamp +16 due to done
eady to process requests
Waking up in 0.3 seconds.
Thread 1 got semaphore
Thread 1 handling request 2, (2 handled so far)
(2) Received Access-Request Id 0 from 192.168.2.2:44444 to
192.168.2.1:1812 length 117
(2)   User-Name = "as"
(2)   NAS-IP-Address = 192.168.2.2
(2)   Called-Station-Id = "b4378330fc3b"
(2)   Calling-Station-Id = "5a5b3135062e"
(2)   NAS-Identifier = "b4378330fc3b"
(2)   NAS-Port = 29
(2)   Framed-MTU = 1400
(2)   NAS-Port-Type = Wireless-802.11
(2)   EAP-Message = 0x02000007016173
(2)   Message-Authenticator = 0x65ea19588c27954be750b34f05da01b7
(2) session-state: No State attribute
(2) # Executing section authorize from file /etc/raddb/radiusd.conf
(2)   authorize {
(2)     modsingle[authorize]: calling eap (rlm_eap)
(2) eap: Peer sent EAP Response (code 2) ID 0 length 7
(2) eap: EAP-Identity reply, returning 'ok' so we can short-circuit
the rest of authorize
(2)     modsingle[authorize]: returned from eap (rlm_eap)
(2)     [eap] = ok
(2)   } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/raddb/radiusd.conf
(2)   authenticate {
(2)     modsingle[authenticate]: calling eap (rlm_eap)
(2) eap: Peer sent packet with method EAP Identity (1)
(2) eap: Calling submodule eap_tls to process data
(2) eap_tls: (TLS) TLS -Initiating new session
(2) eap_tls: (TLS) TLS - Setting verify mode to require certificate from client
(2) eap_tls: [eaptls start] = request
(2) eap: Sending EAP Request (code 1) ID 1 length 10
(2) eap: EAP session adding &reply:State = 0x73da5fd773db5206
(2)     modsingle[authenticate]: returned from eap (rlm_eap)
(2)     [eap] = handled
(2)   } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found.  Ignoring.
(2) session-state: Saving cached attributes
(2)   Framed-MTU = 1014
(2) Sent Access-Challenge Id 0 from 192.168.2.1:1812 to
192.168.2.2:44444 length 68
(2)   EAP-Message = 0x0101000a0da000000000
(2)   Message-Authenticator = 0x00000000000000000000000000000000
(2)   State = 0x73da5fd773db520659675dbb5c31485d
(2) Finished request
Thread 1 waiting to be assigned a request
(2) Cleaning up request packet ID 0 with timestamp +131 due to
conflicting packet was received
Waking up in 0.3 seconds.
Thread 2 got semaphore
Thread 2 handling request 3, (2 handled so far)
(3) Received Access-Request Id 0 from 192.168.2.2:44444 to
192.168.2.1:1812 length 265
(3)   User-Name = "as"
(3)   NAS-IP-Address = 192.168.2.2
(3)   Called-Station-Id = "b4378330fc3b"
(3)   Calling-Station-Id = "5a5b3135062e"
(3)   NAS-Identifier = "b4378330fc3b"
(3)   NAS-Port = 29
(3)   Framed-MTU = 1400
(3)   State = 0x73da5fd773db520659675dbb5c31485d
(3)   NAS-Port-Type = Wireless-802.11
(3)   EAP-Message =
0x020100890d00160301007e0100007a030367df7d21f4b742d6792d0128f9d335437102d658ee7fe1dc1c334257dacf927600002ac014c013003900330035002fc028c027006b0067003d003cc030c02f009f009e009d009cc0120016000a0100002700
(3)   Message-Authenticator = 0x68e323e0b85f9b9e6c84bec8bc5bb779
(3) Restoring &session-state
(3)   &session-state:Framed-MTU = 1014
(3) # Executing section authorize from file /etc/raddb/radiusd.conf
(3)   authorize {
(3)     modsingle[authorize]: calling eap (rlm_eap)
(3) eap: Peer sent EAP Response (code 2) ID 1 length 137
(3) eap: No EAP Start, assuming it's an on-going EAP conversation
(3)     modsingle[authorize]: returned from eap (rlm_eap)
(3)     [eap] = updated
(3)   } # authorize = updated
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/raddb/radiusd.conf
(3)   authenticate {
(3)     modsingle[authenticate]: calling eap (rlm_eap)
(3) eap: Removing EAP session with state 0x73da5fd773db5206
(3) eap: Previous EAP request found for state 0x73da5fd773db5206,
released from the list
(3) eap: Peer sent packet with method EAP TLS (13)
(3) eap: Calling submodule eap_tls to process data
(3) eap_tls: (TLS) EAP Continuing ...
(3) eap_tls: (TLS) EAP Peer sent flags ---
(3) eap_tls: (TLS) EAP Got final fragment (131 bytes)
WARNING: (3) eap_tls: (TLS) EAP Total received record fragments (131
bytes), does not equal expected expected data length (0 bytes)
(3) eap_tls: (TLS) EAP Verification says ok
(3) eap_tls: (TLS) EAP Done initial handshake
(3) eap_tls: (TLS) TLS - Handshake state [PINIT] - before SSL initialization (0)
(3) eap_tls: (TLS) TLS - Handshake state [PINIT] - Server before SSL
initialization (0)
(TLS) Ignoring cbtls_msg call with pseudo content type 256, version 00000301
(3) eap_tls: (TLS) TLS - Handshake state [PINIT] - Server before SSL
initialization (0)
(TLS) Received 126 bytes of TLS data
(TLS)        01 00 00 7a 03 03 67 df 7d 21 f4 b7 42 d6 79 2d
(TLS)        01 28 f9 d3 35 43 71 02 d6 58 ee 7f e1 dc 1c 33
(TLS)        42 57 da cf 92 76 00 00 2a c0 14 c0 13 00 39 00
(TLS)        33 00 35 00 2f c0 28 c0 27 00 6b 00 67 00 3d 00
(TLS)        3c c0 30 c0 2f 00 9f 00 9e 00 9d 00 9c c0 12 00
(TLS)        16 00 0a 01 00 00 27 00 0a 00 10 00 0e 00 17 00
(TLS)        18 01 00 01 01 01 02 01 03 01 04 00 0d 00 0a 00
(TLS)        08 05 01 04 01 01 01 02 01 ff 01 00 01 00
(3) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello
(TLS) Ignoring cbtls_msg call with pseudo content type 256, version 00000303
(TLS) Received 2 bytes of TLS data
(TLS)        02 28
(3) eap_tls: (TLS) TLS - send TLS 1.2 Alert, fatal handshake_failure
ERROR: (3) eap_tls: (TLS) TLS - Alert write:fatal:handshake failure
ERROR: (3) eap_tls: (TLS) TLS - Server : Error in error
(3) eap_tls: Server preferred ciphers (by priority)
(3) eap_tls: (TLS)    [0] TLS_AES_256_GCM_SHA384
(3) eap_tls: (TLS)    [1] TLS_AES_128_GCM_SHA256
(3) eap_tls: (TLS)    [2] ECDHE-ECDSA-AES256-GCM-SHA384
(3) eap_tls: (TLS)    [3] ECDHE-RSA-AES256-GCM-SHA384
(3) eap_tls: (TLS)    [4] DHE-DSS-AES256-GCM-SHA384
(3) eap_tls: (TLS)    [5] DHE-RSA-AES256-GCM-SHA384
(3) eap_tls: (TLS)    [6] ECDHE-ECDSA-AES256-CCM
(3) eap_tls: (TLS)    [7] DHE-RSA-AES256-CCM
(3) eap_tls: (TLS)    [8] ECDHE-ECDSA-ARIA256-GCM-SHA384
(3) eap_tls: (TLS)    [9] ECDHE-ARIA256-GCM-SHA384
(3) eap_tls: (TLS)    [10] DHE-DSS-ARIA256-GCM-SHA384
(3) eap_tls: (TLS)    [11] DHE-RSA-ARIA256-GCM-SHA384
(3) eap_tls: (TLS)    [12] ADH-AES256-GCM-SHA384
(3) eap_tls: (TLS)    [13] ECDHE-ECDSA-AES128-GCM-SHA256
(3) eap_tls: (TLS)    [14] ECDHE-RSA-AES128-GCM-SHA256
(3) eap_tls: (TLS)    [15] DHE-DSS-AES128-GCM-SHA256
(3) eap_tls: (TLS)    [16] DHE-RSA-AES128-GCM-SHA256
(3) eap_tls: (TLS)    [17] ECDHE-ECDSA-AES128-CCM
(3) eap_tls: (TLS)    [18] DHE-RSA-AES128-CCM
(3) eap_tls: (TLS)    [19] ECDHE-ECDSA-ARIA128-GCM-SHA256
(3) eap_tls: (TLS)    [20] ECDHE-ARIA128-GCM-SHA256
(3) eap_tls: (TLS)    [21] DHE-DSS-ARIA128-GCM-SHA256
(3) eap_tls: (TLS)    [22] DHE-RSA-ARIA128-GCM-SHA256
(3) eap_tls: (TLS)    [23] ADH-AES128-GCM-SHA256
(3) eap_tls: (TLS)    [24] ECDHE-ECDSA-AES256-SHA384
(3) eap_tls: (TLS)    [25] ECDHE-RSA-AES256-SHA384
(3) eap_tls: (TLS)    [26] DHE-RSA-AES256-SHA256
(3) eap_tls: (TLS)    [27] DHE-DSS-AES256-SHA256
(3) eap_tls: (TLS)    [28] ECDHE-ECDSA-CAMELLIA256-SHA384
(3) eap_tls: (TLS)    [29] ECDHE-RSA-CAMELLIA256-SHA384
(3) eap_tls: (TLS)    [30] DHE-RSA-CAMELLIA256-SHA256
(3) eap_tls: (TLS)    [31] DHE-DSS-CAMELLIA256-SHA256
(3) eap_tls: (TLS)    [32] ADH-AES256-SHA256
(3) eap_tls: (TLS)    [33] ADH-CAMELLIA256-SHA256
(3) eap_tls: (TLS)    [34] ECDHE-ECDSA-AES128-SHA256
(3) eap_tls: (TLS)    [35] ECDHE-RSA-AES128-SHA256
(3) eap_tls: (TLS)    [36] DHE-RSA-AES128-SHA256
(3) eap_tls: (TLS)    [37] DHE-DSS-AES128-SHA256
(3) eap_tls: (TLS)    [38] ECDHE-ECDSA-CAMELLIA128-SHA256
(3) eap_tls: (TLS)    [39] ECDHE-RSA-CAMELLIA128-SHA256
(3) eap_tls: (TLS)    [40] DHE-RSA-CAMELLIA128-SHA256
(3) eap_tls: (TLS)    [41] DHE-DSS-CAMELLIA128-SHA256
(3) eap_tls: (TLS)    [42] ADH-AES128-SHA256
(3) eap_tls: (TLS)    [43] ADH-CAMELLIA128-SHA256
(3) eap_tls: (TLS)    [44] ECDHE-ECDSA-AES256-SHA
(3) eap_tls: (TLS)    [45] ECDHE-RSA-AES256-SHA
(3) eap_tls: (TLS)    [46] DHE-RSA-AES256-SHA
(3) eap_tls: (TLS)    [47] DHE-DSS-AES256-SHA
(3) eap_tls: (TLS)    [48] DHE-RSA-CAMELLIA256-SHA
(3) eap_tls: (TLS)    [49] DHE-DSS-CAMELLIA256-SHA
(3) eap_tls: (TLS)    [50] AECDH-AES256-SHA
(3) eap_tls: (TLS)    [51] ADH-AES256-SHA
(3) eap_tls: (TLS)    [52] ADH-CAMELLIA256-SHA
(3) eap_tls: (TLS)    [53] ECDHE-ECDSA-AES128-SHA
(3) eap_tls: (TLS)    [54] ECDHE-RSA-AES128-SHA
(3) eap_tls: (TLS)    [55] DHE-RSA-AES128-SHA
(3) eap_tls: (TLS)    [56] DHE-DSS-AES128-SHA
(3) eap_tls: (TLS)    [57] DHE-RSA-CAMELLIA128-SHA
(3) eap_tls: (TLS)    [58] DHE-DSS-CAMELLIA128-SHA
(3) eap_tls: (TLS)    [59] AECDH-AES128-SHA
(3) eap_tls: (TLS)    [60] ADH-AES128-SHA
(3) eap_tls: (TLS)    [61] ADH-CAMELLIA128-SHA
(3) eap_tls: (TLS)    [62] AES256-GCM-SHA384
(3) eap_tls: (TLS)    [63] AES256-CCM
(3) eap_tls: (TLS)    [64] ARIA256-GCM-SHA384
(3) eap_tls: (TLS)    [65] AES128-GCM-SHA256
(3) eap_tls: (TLS)    [66] AES128-CCM
(3) eap_tls: (TLS)    [67] ARIA128-GCM-SHA256
(3) eap_tls: (TLS)    [68] AES256-SHA256
(3) eap_tls: (TLS)    [69] CAMELLIA256-SHA256
(3) eap_tls: (TLS)    [70] AES128-SHA256
(3) eap_tls: (TLS)    [71] CAMELLIA128-SHA256
(3) eap_tls: (TLS)    [72] SRP-DSS-AES-256-CBC-SHA
(3) eap_tls: (TLS)    [73] SRP-RSA-AES-256-CBC-SHA
(3) eap_tls: (TLS)    [74] SRP-AES-256-CBC-SHA
(3) eap_tls: (TLS)    [75] AES256-SHA
(3) eap_tls: (TLS)    [76] CAMELLIA256-SHA
(3) eap_tls: (TLS)    [77] SRP-DSS-AES-128-CBC-SHA
(3) eap_tls: (TLS)    [78] SRP-RSA-AES-128-CBC-SHA
(3) eap_tls: (TLS)    [79] SRP-AES-128-CBC-SHA
(3) eap_tls: (TLS)    [80] AES128-SHA
(3) eap_tls: (TLS)    [81] CAMELLIA128-SHA
(3) eap_tls: (TLS) TLS - Client preferred ciphers (by priority)
(3) eap_tls: (TLS)    [0] ECDHE-RSA-AES256-SHA
(3) eap_tls: (TLS)    [1] ECDHE-RSA-AES128-SHA
(3) eap_tls: (TLS)    [2] DHE-RSA-AES256-SHA
(3) eap_tls: (TLS)    [3] DHE-RSA-AES128-SHA
(3) eap_tls: (TLS)    [4] AES256-SHA
(3) eap_tls: (TLS)    [5] AES128-SHA
(3) eap_tls: (TLS)    [6] ECDHE-RSA-AES256-SHA384
(3) eap_tls: (TLS)    [7] ECDHE-RSA-AES128-SHA256
(3) eap_tls: (TLS)    [8] DHE-RSA-AES256-SHA256
(3) eap_tls: (TLS)    [9] DHE-RSA-AES128-SHA256
(3) eap_tls: (TLS)    [10] AES256-SHA256
(3) eap_tls: (TLS)    [11] AES128-SHA256
(3) eap_tls: (TLS)    [12] ECDHE-RSA-AES256-GCM-SHA384
(3) eap_tls: (TLS)    [13] ECDHE-RSA-AES128-GCM-SHA256
(3) eap_tls: (TLS)    [14] DHE-RSA-AES256-GCM-SHA384
(3) eap_tls: (TLS)    [15] DHE-RSA-AES128-GCM-SHA256
(3) eap_tls: (TLS)    [16] AES256-GCM-SHA384
(3) eap_tls: (TLS)    [17] AES128-GCM-SHA256
ERROR: (3) eap_tls: (TLS) Failed reading from OpenSSL:
ssl/statem/statem_srvr.c[2312]:error:0A0000C1:lib(20)::reason(193)
ERROR: (3) eap_tls: (TLS) System call (I/O) error (-1)
ERROR: (3) eap_tls: (TLS) EAP Receive handshake failed during operation
ERROR: (3) eap_tls: [eaptls process] = fail
ERROR: (3) eap: Failed continuing EAP TLS (13) session.  EAP sub-module failed
(3) eap: Sending EAP Failure (code 4) ID 1 length 4
(3) eap: Failed in EAP select
(3)     modsingle[authenticate]: returned from eap (rlm_eap)
(3)     [eap] = invalid
(3)   } # authenticate = invalid
(3) Failed to authenticate the user
(3) Using Post-Auth-Type Reject
(3) Post-Auth-Type sub-section not found.  Ignoring.
(3) Login incorrect (eap_tls: (TLS) TLS - Alert write:fatal:handshake
failure): [as] (from client ac port 29 cli 5a5b3135062e)
(3) Delaying response for 5.000000 seconds
Thread 2 waiting to be assigned a request
Waking up in 4.6 seconds.
(3) Sending delayed response
(3) Sent Access-Reject Id 0 from 192.168.2.1:1812 to 192.168.2.2:44444 length 44
(3)   EAP-Message = 0x04010004
(3)   Message-Authenticator = 0x00000000000000000000000000000000
(3) Cleaning up request packet ID 0 with timestamp +131 due to done
Ready to process requests
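
Added example (not part of the original post, and not FreeRADIUS or iwd code): a small Python parser for the 126-byte ClientHello hex dump shown in request (1) of the debug output. It lists the cipher suite codes, supported groups and signature algorithms the client offered, so they can be compared with the server's cipher list and certificate type. The function names and lookup tables are this example's own, with names taken from the IANA TLS registries.

```python
import re
import struct

# Added example. ClientHello dump copied from the "(TLS)" lines of request (1).
LOG = """\
(TLS)        01 00 00 7a 03 03 67 df 7c ae 99 f0 e7 e4 fb a4
(TLS)        bb 31 81 d9 25 5f b4 e4 05 3b 47 f2 1d 70 4f 41
(TLS)        90 4b 9a 08 9d c4 00 00 2a c0 14 c0 13 00 39 00
(TLS)        33 00 35 00 2f c0 28 c0 27 00 6b 00 67 00 3d 00
(TLS)        3c c0 30 c0 2f 00 9f 00 9e 00 9d 00 9c c0 12 00
(TLS)        16 00 0a 01 00 00 27 00 0a 00 10 00 0e 00 17 00
(TLS)        18 01 00 01 01 01 02 01 03 01 04 00 0d 00 0a 00
(TLS)        08 05 01 04 01 01 01 02 01 ff 01 00 01 00
"""
# TLS 1.2 (hash, signature) codes and named groups, per the IANA registries.
HASHES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {1: "rsa", 2: "dsa", 3: "ecdsa"}
GROUPS = {0x17: "secp256r1", 0x18: "secp384r1", 0x100: "ffdhe2048", 0x101: "ffdhe3072",
          0x102: "ffdhe4096", 0x103: "ffdhe6144", 0x104: "ffdhe8192"}


def dump_to_bytes(log):
    """Join the hex bytes of '(TLS)   xx xx ...' dump lines."""
    rows = re.findall(r"^\(TLS\)\s+((?:[0-9a-f]{2} ?)+)$", log, re.M)
    return bytes.fromhex("".join(rows))


def u16s(buf):
    return [v for (v,) in struct.iter_unpack(">H", buf)]


def parse_client_hello(msg):
    """Parse a handshake-layer ClientHello (no record header), bounds-checked."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(msg):
            raise ValueError("truncated ClientHello")
        pos += n
        return msg[pos - n:pos]
    def vec(len_bytes):  # length-prefixed vector
        return take(int.from_bytes(take(len_bytes), "big"))
    if take(1) != b"\x01" or int.from_bytes(take(3), "big") != len(msg) - 4:
        raise ValueError("not a ClientHello, or length field mismatch")
    hello = {"version": take(2).hex(), "random": take(32).hex(),
             "session_id": vec(1).hex(),
             "cipher_suites": ["%04x" % c for c in u16s(vec(2))],
             "compression": list(vec(1))}
    ext = {}
    if pos < len(msg):
        end = int.from_bytes(take(2), "big")
        end += pos  # pos now points at the first extension
        while pos < end:
            ext_type = int.from_bytes(take(2), "big")
            ext[ext_type] = vec(2)
    hello["extension_types"] = list(ext)
    if 10 in ext:  # supported_groups: 2-byte list length, then 16-bit ids
        hello["groups"] = [GROUPS.get(g, hex(g)) for g in u16s(ext[10][2:])]
    if 13 in ext:  # signature_algorithms: list of (hash, signature) bytes
        pairs = ext[13][2:]
        hello["sig_algs"] = [(HASHES.get(h, str(h)), SIGS.get(s, str(s)))
                             for h, s in zip(pairs[0::2], pairs[1::2])]
    return hello


def signature_types(hello):
    """Signature key types the client advertised, e.g. ['rsa']."""
    return sorted({s for _, s in hello.get("sig_algs", [])})
```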

