On 09/02/2011 12:09 AM, Michael Hulko wrote: > We are currently running 2 Radiator servers ver4.5.1.
> We have recently upgraded our certs to Thawte 2048 bit. > I have noticed an increase in the number of the these messages: > EAP TLS error: -1, 1, 8576, 9408: 1 - error:1408F10B:SSL > routines:SSL3_GET_RECORD:wrong version number Likely a corrupted packet. This comes from the SSL libraries Radiator uses. The library is telling it did not like SSL version when it did not find TLS1.0 or later but some corrupted values instead. > ERR: EAP PEAP TLS Handshake unsuccessful: 9408: 1 - error:1409442E:SSL > routines:SSL3_READ_BYTES:tlsv1 alert protocol version Alert comes from the client. The client probably received a corrupted packet. > ERR: EAP PEAP TLS read failed: 3888: 1 - error:1408F455:SSL > routines:SSL3_GET_RECORD:decryption failed or bad record Likely caused by a corrupted packet too. The corrupton was detected by TLS layer. > I am unsure of what these are indicative of. Are these client machine errors > or server process errors These look like corrupted messages. Maybe caused by a weak wireless reception where the client is just barely able to transmit and receive. Since you mentioned you had upgraded to a new cert, did the certificate size grow? This would mean there's more to transfer correctly during the authentication. You could also try this: EAPTLS_MaxFragmentSize 1000 This may help with devices that are unable to handle large messages. See the reference manual for more. Thanks! Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
