On 27.5.2021 19.36, Heikki Vatiainen wrote:
On 27.5.2021 14.58, [email protected] wrote:
Is this a known issue?
As mentioned above, it's not. From what I know it's been used
successfully on RHEL/CentOS systems and it works for me on Mac.
The problem might be TLS version related. The above don't do TLSv1.3.
I'd say this is something specific for Debian 10 because the problem is
not that hard to reproduce. This needs further investigation.
If possible, can you update AuthDUO.pm sub get_ssl_opts() with the
following:
$ssl_opts{SSL_version} = 'TLSv1_2';
This kind of behaviour where TLS socket indicates read but there's no
user data available reminded me about TLS 1.3 and how it can send keys
for session resumption after TLS handshake has been done.
A look at HTTPS traffic shows that there's both TLS 1.2 and 1.3 by
default. Restricting TLS to 1.2 seems to make the problem go away.
If you could also check this, please let me know if it changes anything.
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
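
The behaviour described in the message (the socket is reported readable, yet no user data arrives) can be handled in a non-blocking IO::Socket::SSL read path as sketched below. This is an added example, not code from the message or from Radiator's AuthDUO.pm; the helper names `read_tls_ready` and `drain_tls` and the host name in the usage comment are hypothetical, and the socket is assumed to be in non-blocking mode.

```perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports $SSL_ERROR, SSL_WANT_READ, SSL_WANT_WRITE

# Hypothetical helper (not Radiator code). Call it when select()/poll() reports
# a non-blocking IO::Socket::SSL handle as readable.
# Returns one of: ('data', $bytes), ('again', 'read'|'write'), ('eof'), ('error', $msg)
sub read_tls_ready {
    my ($sock) = @_;
    my $n = $sock->sysread(my $buf, 16384);
    return $n ? ('data', $buf) : ('eof') if defined $n;

    # Readable at TCP level, but the TLS record held no application data
    # (for example a TLS 1.3 NewSessionTicket), or TLS needs to write first.
    if ($!{EAGAIN} || $!{EWOULDBLOCK}) {
        return ('again', 'read')  if $SSL_ERROR == SSL_WANT_READ;
        return ('again', 'write') if $SSL_ERROR == SSL_WANT_WRITE;
    }
    return ('error', $SSL_ERROR || "$!");
}

# Read until TLS says "would block". This also empties data that is already
# decrypted and buffered inside the TLS layer, which select() cannot see.
sub drain_tls {
    my ($sock, $on_data) = @_;
    while (1) {
        my ($state, $val) = read_tls_ready($sock);
        if ($state eq 'data') { $on_data->($val); next }
        die "TLS read failed: $val\n" if $state eq 'error';
        return $state eq 'again' ? "want_$val" : 'eof';
    }
}

# Usage sketch (host name is a placeholder):
#   my $sock = IO::Socket::SSL->new(
#       PeerHost    => 'api.example.invalid',
#       PeerPort    => 443,
#       SSL_version => 'TLSv1_2',    # the workaround suggested in the message
#   ) or die $SSL_ERROR;
#   $sock->blocking(0);
#   my $response = '';
#   # ... whenever select() marks $sock readable:
#   my $why = drain_tls($sock, sub { $response .= $_[0] });
```

A return value of `want_read` with nothing appended to `$response` is the case from the message: the peer sent a TLS record, but it carried no user data, so the caller should return to `select()` instead of treating the event as a response or an error.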