hello, I have found some errors in my freeradius server logs. It seems that some clients are having problems to authenticate againts them. I'm using PEAP/MSCHAPv2 with the latest freeradius version and SUSE OS.
Mon Mar 29 14:20:56 2010 : Error: TLS Alert write:fatal:protocol version Mon Mar 29 14:20:56 2010 : Error: rlm_eap: SSL error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Mon Mar 29 14:20:56 2010 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails. I have debuged the servers and when this error appears there are differences in the TLS negotiation of PEAP: example of succesful negotiation: ------------------------------------------------ [peap] processing EAP-TLS TLS Length 102 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0061], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 05aa], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED example of unsuccesful negotiation: ---------------------------------------------------- [peap] processing EAP-TLS TLS Length 109 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0061], ClientHello [peap] TLS_accept: SSLv3 read client hello C [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 05aa], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] >>> Unknown TLS version [length 0002] TLS Alert write:fatal:protocol version [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A rlm_eap: SSL error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version num ber SSL: SSL_read failed in a system call (-1), TLS session fails. TLS receive handshake failed during operation [peap] eaptls_process returned 4 [peap] EAPTLS_OTHERS I will look if something is bad configured in the user's wifi profile, but does anybody have this problem previously? Thanks, -- Christian Pinedo Zamalloa (zako) PGP keyID: 0x828D0C80 Fingerprint: 7BFF 4105 F46B 7977 BD96 348C 1007 4FF8 828D 0C80
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html