[Pkg-freeradius-maintainers] Bug#1012330: freeradius: After upgrade to 3.2.0+dfsg-1 some (older?) client stop connect
Kamil Jonca
kjonca at poczta.onet.pl
Sat Jun 4 11:59:19 BST 2022
Package: freeradius
Version: 3.2.0+dfsg-1
Severity: important
X-Debbugs-Cc: kjonca at poczta.onet.pl
When upgraded to new version I found that some clients cannot connect.
In logs I have:
Sat Jun 4 12:44:50 2022 : Debug: (2) eap1: Expiring EAP session with state 0xab52c2e6aa35db5e
Sat Jun 4 12:44:50 2022 : Debug: (2) eap1: Finished EAP session with state 0xab52c2e6aa35db5e
Sat Jun 4 12:44:50 2022 : Debug: (2) eap1: Previous EAP request found for state 0xab52c2e6aa35db5e, released from the list
Sat Jun 4 12:44:50 2022 : Debug: (2) eap1: Peer sent packet with method EAP PEAP (25)
Sat Jun 4 12:44:50 2022 : Debug: (2) eap1: Calling submodule eap_peap to process data
Sat Jun 4 12:44:50 2022 : Debug: (2) eap_peap: (TLS) EAP Continuing ...
Sat Jun 4 12:44:50 2022 : Debug: (2) eap_peap: (TLS) EAP Peer sent flags --L
Sat Jun 4 12:44:50 2022 : Debug: (2) eap_peap: (TLS) EAP Peer says that the final record size will be 195 bytes
Sat Jun 4 12:44:50 2022 : Debug: (2) eap_peap: (TLS) EAP Got all data (195 bytes)
Sat Jun 4 12:44:50 2022 : Debug: (2) eap_peap: (TLS) EAP Verification says length included
Sat Jun 4 12:44:50 2022 : Debug: (2) eap_peap: (TLS) Handshake state [PINIT] - before SSL initialization (0)
Sat Jun 4 12:44:50 2022 : Debug: (2) eap_peap: (TLS) Handshake state [PINIT] - Server before SSL initialization (0)
Sat Jun 4 12:44:50 2022 : Debug: (2) eap_peap: (TLS) Handshake state [PINIT] - Server before SSL initialization (0)
Sat Jun 4 12:44:50 2022 : Debug: (2) eap_peap: (TLS) recv TLS 1.3 Handshake, ClientHello
Sat Jun 4 12:44:50 2022 : Debug: (2) eap_peap: (TLS) send TLS 1.0 Alert, fatal internal_error
Sat Jun 4 12:44:50 2022 : ERROR: (2) eap_peap: (TLS) Alert write:fatal:internal error
Sat Jun 4 12:44:50 2022 : ERROR: (2) eap_peap: (TLS) Server : Error in error
Sat Jun 4 12:44:50 2022 : ERROR: (2) eap_peap: (TLS) Failed reading from OpenSSL: ../ssl/t1_lib.c[3331]:error:0A000076:SSL routines::no suitable signature algorithm
Sat Jun 4 12:44:50 2022 : ERROR: (2) eap_peap: (TLS) System call (I/O) error (-1)
Sat Jun 4 12:44:50 2022 : ERROR: (2) eap_peap: (TLS) EAP Receive handshake failed during operation
Sat Jun 4 12:44:50 2022 : ERROR: (2) eap_peap: [eaptls process] = fail
Sat Jun 4 12:44:50 2022 : ERROR: (2) eap1: Failed continuing EAP PEAP (25) session. EAP sub-module failed
I played with
cipher_list =
tls_min_version= ..
tls_max_version = ...
in /etc/freeradius/3.0/mods-enabled/eap
file but without success...
before upgrade there were
cipher_list = "DEFAULT:TLSv1.0"
tls_min_version= 1.0
downgrading to 3.0.25 resolves the issue.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.17.0-2-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages freeradius depends on:
ii freeradius-common 3.0.25+dfsg-1.1
ii freeradius-config 3.0.25+dfsg-1.1
ii libc6 2.33-7
ii libcrypt1 1:4.4.27-1.1
ii libct4 1.3.6-1.1
ii libfreeradius3 3.2.0+dfsg-1
ii libgdbm6 1.23-1
ii libjson-c5 0.16-1
ii libpam0g 1.4.0-13
ii libperl5.34 5.34.0-4
ii libreadline8 8.1.2-1.2
ii libsqlite3-0 3.38.5-1
ii libssl3 3.0.3-5
ii libsystemd0 251.1-1
ii libtalloc2 2.3.3-4
ii libwbclient0 2:4.16.1+dfsg-4
ii lsb-base 11.2
Versions of packages freeradius recommends:
ii freeradius-utils 3.2.0+dfsg-1
Versions of packages freeradius suggests:
pn freeradius-krb5 <none>
ii freeradius-ldap 3.2.0+dfsg-1
pn freeradius-mysql <none>
ii freeradius-postgresql 3.2.0+dfsg-1
pn freeradius-python3 <none>
pn snmp <none>
-- Configuration Files:
/etc/default/freeradius changed [not included]
/etc/logrotate.d/freeradius changed [not included]
-- no debconf information
More information about the Pkg-freeradius-maintainers
mailing list