TLS 1.0

classic Classic list List threaded Threaded
1 message Options
| Threaded
Open this post in threaded view
|

TLS 1.0

Users mailing list
Hi,

What does this message mean?

(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: Peer indicated complete TLS record size will be 88 bytes
(2) eap_peap: Got complete TLS record (88 bytes)
(2) eap_peap: [eaptls verify] = length included
(2) eap_peap: (other): before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: <<< recv TLS 1.3  [length 0053]
(2) eap_peap: >>> send TLS 1.0 Alert [length 0002], fatal protocol_version
(2) eap_peap: ERROR: TLS Alert write:fatal:protocol version
tls: TLS_accept: Error in error
(2) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
(2) eap_peap: ERROR: System call (I/O) error (-1)
(2) eap_peap: ERROR: TLS receive handshake failed during operation
(2) eap_peap: ERROR: [eaptls process] = fail
(2) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
(2) eap: Sending EAP Failure (code 4) ID 216 length 4
(2) eap: Failed in EAP select
(2)     [eap] = invalid

I'm getting this only when Windows 7 and other older clients try to connect, but not with Windows 10 clients.

My version of openssl is 1.1.1g and frreradius is 3.0.20.

If it's a TLS version issue, is there a way to explicitly enable whichever version now seems to be unsupported (TLS 1.0?).

Regards,

Vieri

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html