Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-05 Thread iilinasi
On 03.03.2020 16:03, Alfred Arnold wrote: Hi, Alfred, I'd like to say "thanks" once more. I tried with newer ciphers and version 1.2 - and now freeradius (3.0.16) indeed sends me the second "challenge". So, it's a huge progress. Indeed, the capture now looks like an EAP-TLS negotiation

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-03 Thread Alfred Arnold
Hi, Alfred, I'd like to say "thanks" once more. I tried with newer ciphers and version 1.2 - and now freeradius (3.0.16) indeed sends me the second "challenge". So, it's a huge progress. Indeed, the capture now looks like an EAP-TLS negotiation should go on. The server accepted the client

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-03 Thread Matt Caswell
On 02/03/2020 11:28, iilinasi wrote:
> Freeradius (3.0.16, 3.0.20)
Could be this issue: https://github.com/FreeRADIUS/freeradius-server/issues/2385
"It may be due to the issue fixed in commit fd803c9. 3.0.17 sometimes complained that TLS 1.3 was unknown, and refused to do TLS 1.3 at all.

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-03 Thread Matt Caswell
On 03/03/2020 12:51, iilinasi wrote:
> Alfred, I'd like to say "thanks" once more.
>
> I tried with newer ciphers and version 1.2 - and now freeradius (3.0.16)
> indeed sends me the second "challenge". So, it's a huge progress.
>
> However it still complains on the unknown TLS version. I

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-03 Thread iilinasi
Alfred, I'd like to say "thanks" once more. I tried with newer ciphers and version 1.2 - and now freeradius (3.0.16) indeed sends me the second "challenge". So, it's a huge progress. However it still complains on the unknown TLS version. I attach the server log and the packet capture, just

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-03 Thread iilinasi
Thank you Alfred! Yup, I used old ciphers indeed. I suspect it stops even before checking them, but I'll add newer ones and let you know. This is the relevant part of freeradius log, just in case:
--
(1) eap_tls: TLS_accept: before SSL initialization
(1) eap_tls: TLS_accept: before SSL

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-02 Thread Alfred Arnold
Hi, I'd like to understand, how does OpenSSL get to the idea of "0304" version, if there is no such a byte sequence in the packet... My question is: how OpenSSL determines the TLS version? How to debug it? I don't see any TLS 1.3 in the capture as well, but I see that your client is using

Re: OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-02 Thread Matt Caswell
On 02/03/2020 11:28, iilinasi wrote:
> I'd like to understand, how does OpenSSL get to the idea of "0304"
> version, if there is no such a byte sequence in the packet...
> My question is: how OpenSSL determines the TLS version? How to debug it?
>
Very strange. I have no idea. Looking at the

OpenSSL reports wrong TLS version to FreeRADIUS

2020-03-02 Thread iilinasi
Dear everyone, I'm looking for your pointers to help me to debug the issue I have. I try to implement an auth exchange with the RADIUS, requesting EAP-TLS. At this moment I only need to get to the phase when server responds with Access-Challenge with server certificate (so, 2 packets from