Christian Pinedo Zamalloa wrote: > hello, > > I have found some errors in my freeradius server logs. It seems that > some clients are having problems to authenticate againts them. I'm using > PEAP/MSCHAPv2 with the latest freeradius version and SUSE OS. > > Mon Mar 29 14:20:56 2010 : Error: TLS Alert write:fatal:protocol version > Mon Mar 29 14:20:56 2010 : Error: rlm_eap: SSL error error:1408F10B:SSL > routines:SSL3_GET_RECORD:wrong version number > Mon Mar 29 14:20:56 2010 : Error: SSL: SSL_read failed in a system call > (-1), TLS session fails.
The client is likely doing TLS v1.1, and the OpenSSL libraries don't support it. i.e. the client is *ignoring* TLS negotiation. They're broken. Tell the vendor to fix them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html