More specifically, here's the debug output:

Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL Handling EAP type 1 (Identity), code: 2 (Response), identifier: 191, length: 20
Fri Oct 21 14:52:17 2022: DEBUG: Initialised SSL library: Net::SSLeay 1.92, OpenSSL 1.1.1o-freebsd 3 May 2022
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x9 (9) for Net::SSLeay constant ERROR_WANT_ASYNC
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0xa (10) for Net::SSLeay constant ERROR_WANT_ASYNC_JOB
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0xb (11) for Net::SSLeay constant ERROR_WANT_CLIENT_HELLO_CB
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0xc (12) for Net::SSLeay constant ERROR_WANT_RETRY_VERIFY
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x8 (8) for Net::SSLeay constant SSL2_MT_CLIENT_CERTIFICATE
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x3 (3) for Net::SSLeay constant SSL2_MT_CLIENT_FINISHED
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x2 (2) for Net::SSLeay constant SSL2_MT_CLIENT_MASTER_KEY
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x0 (0) for Net::SSLeay constant SSL2_MT_ERROR
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x6 (6) for Net::SSLeay constant SSL2_MT_REQUEST_CERTIFICATE
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x6 (6) for Net::SSLeay constant SSL2_MT_SERVER_FINISHED
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x4 (4) for Net::SSLeay constant SSL2_MT_SERVER_HELLO
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x5 (5) for Net::SSLeay constant SSL2_MT_SERVER_VERIFY
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x2 (2) for Net::SSLeay constant TLSEXT_ERR_ALERT_FATAL
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x1 (1) for Net::SSLeay constant TLSEXT_ERR_ALERT_WARNING
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x3 (3) for Net::SSLeay constant TLSEXT_ERR_NOACK
Fri Oct 21 14:52:17 2022: DEBUG: TLS: Using 0x0 (0) for Net::SSLeay constant TLSEXT_ERR_OK
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL setting TLS protocols to: TLSv1.3
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL setting EAPTLS_Ciphers to: DEFAULT:!EXPORT:!LOW@SECLEVEL=1
Fri Oct 21 14:52:17 2022: DEBUG: EAP result: 3, EAP-TTLS Challenge
Fri Oct 21 14:52:17 2022: DEBUG: Radius::AuthGROUP: result: CHALLENGE, EAP-TTLS Challenge
Fri Oct 21 14:52:17 2022: DEBUG: AuthBy GROUP result: CHALLENGE, EAP-TTLS Challenge
Fri Oct 21 14:52:17 2022: DEBUG: Access challenged for <....>: EAP-TTLS Challenge

Fri Oct 21 14:52:17 2022: DEBUG: Handling with Radius::AuthGROUP:
Fri Oct 21 14:52:17 2022: DEBUG: Handling with AuthSQL
Fri Oct 21 14:52:17 2022: DEBUG: Handling with Radius::AuthSQL:
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL Handling EAP type 21 (TTLS), code: 2 (Response), identifier: 192, length: 196
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL EAP-TTLS TLS state: before SSL initialization
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL EAP-TTLS TLS state: before SSL initialization
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL EAP-TTLS TLS state: before SSL initialization
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL EAP-TTLS TLS handshake: Direction IN, Version: TLS 1.3, Record content: (22) Handshake, message type: (1) ClientHello
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL EAP-TTLS TLS handshake: Direction OUT, Version: TLS 1.2, Record content: (21) Alert, level: (2) fatal, description: (70) protocol version
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL EAP-TTLS TLS state: error
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL EAP-TTLS TLS state: error
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL EAP-TTLS SSL_accept result: -1, reason/error: 'SSL_ERROR_SSL, state: 'error'
Fri Oct 21 14:52:17 2022: ERR: AuthSQL EAP-TTLS TLS Handshake error: result: -1, reason/error: 'SSL_ERROR_SSL', state: 'error', error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL EAP Failure, elapsed time 0.050957
Fri Oct 21 14:52:17 2022: DEBUG: EAP result: 1, EAP-TTLS TLS Handshake error: unsupported protocol
Fri Oct 21 14:52:17 2022: DEBUG: Radius::AuthGROUP: result: REJECT, EAP-TTLS TLS Handshake error: unsupported protocol
Fri Oct 21 14:52:17 2022: DEBUG: AuthBy GROUP result: REJECT, EAP-TTLS TLS Handshake error: unsupported protocol
Fri Oct 21 14:52:17 2022: INFO: Access rejected for 888901007406545: EAP-TTLS TLS Handshake error: unsupported protocol

We're running OpenSSL 1.1.1o and Net::SSLeay 1.92 as detailed above.

On Fri, Oct 21, 2022 at 1:39 PM Cassidy B. Larson <[email protected]> wrote:
> We're spinning up a new EAP-TTLS source. Installed latest dev of 4.26-24.
> When I force EAP_TLS_Protocols to TLSv1.3 alone, I see the TLSv1.3
> handshake request come in, but outbound handshake is TLSv1.2. Apparently
> our vendor only allows TLSv1.3 right now.
>
> Any ideas how to get outbound handshakes to use TLSv1.3?
>
> Fri Oct 21 13:30:12 2022: DEBUG: AuthSQL EAP-TTLS TLS handshake: Direction
> IN, Version: TLS 1.3, Record content: (22) Handshake, message type: (1)
> ClientHello
> Fri Oct 21 13:30:12 2022: DEBUG: AuthSQL EAP-TTLS TLS
> handshake: Direction OUT, Version: TLS 1.2, Record content: (21) Alert,
> level: (2) fatal, description: (70) protocol version
>
>
> Thanks!
>
> -c
>
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
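Added example, not part of the original message and not Radiator code: a small triage script for debug lines in the format quoted in this thread. It pairs the configured protocol list with the logged ClientHello version and any fatal alert the server sends back. The function name `triage`, the sample lines (constructed from the format above) and the assumption that multiple protocols are separated by commas or spaces are mine.

```python
import re

# Constructed sample, in the format of the debug lines quoted in this thread.
SAMPLE_LOG = """\
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL setting TLS protocols to: TLSv1.3
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL EAP-TTLS TLS handshake: Direction IN, Version: TLS 1.3, Record content: (22) Handshake, message type: (1) ClientHello
Fri Oct 21 14:52:17 2022: DEBUG: AuthSQL EAP-TTLS TLS handshake: Direction OUT, Version: TLS 1.2, Record content: (21) Alert, level: (2) fatal, description: (70) protocol version
Fri Oct 21 14:52:17 2022: ERR: AuthSQL EAP-TTLS TLS Handshake error: result: -1, reason/error: 'SSL_ERROR_SSL', state: 'error', error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
"""

PROTO_RE = re.compile(r"setting TLS protocols to: (.+)$")
HS_RE = re.compile(r"TLS handshake: Direction (IN|OUT), Version: TLS (\d\.\d), "
                   r"Record content: \((\d+)\) (\w+), (.+)$")
ALERT_RE = re.compile(r"level: \((\d+)\) (\w+), description: \((\d+)\) (.+)$")

def triage(log_text):
    """Return one finding per fatal alert sent OUT, with the context seen before it."""
    configured, hello_version, findings = set(), None, []
    for line in log_text.splitlines():
        m = PROTO_RE.search(line)
        if m:
            # Assumption: several protocols would be comma- or space-separated.
            configured = {p for p in re.split(r"[,\s]+", m.group(1)) if p}
            continue
        m = HS_RE.search(line)
        if not m:
            continue
        direction, version, ctype, _name, detail = m.groups()
        if direction == "IN" and "ClientHello" in detail:
            hello_version = "TLSv" + version
        elif direction == "OUT" and ctype == "21":  # 21 = Alert record
            a = ALERT_RE.search(detail)
            if a and a.group(2) == "fatal":
                findings.append({
                    "configured": sorted(configured),
                    "client_hello": hello_version,
                    "alert_record_version": "TLSv" + version,
                    "alert_code": int(a.group(3)),
                    "alert_text": a.group(4),
                    # True means the logged hello version was in the allowed list
                    # and the handshake was still refused.
                    "hello_in_configured": hello_version in configured,
                })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```
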
