SSL routines:ssl3_read_bytes:tlsv1 alert internal error

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

SSL routines:ssl3_read_bytes:tlsv1 alert internal error

DUPALUT, Benjamin
Hello,

First of all, sorry if my english isn't very good.

I'm using freeradius server to authenticate users on Eduroam Wi-Fi. I set up a local certification authority et signed the freeradius server certificate using openssl.

Users  got the CA certfificate via the Configuration Assistant Tool for Eduroam but it fails at the TLS session :

eap_peap: Peer indicated complete TLS record size will be 7 bytes
eap_peap: Got complete TLS record (7 bytes)
eap_peap: [eaptls verify] = length included
eap_peap: <<< recv TLS 1.2  [length 0002] 
eap_peap: ERROR: TLS Alert read:fatal:internal error
eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
eap_peap: ERROR: System call (I/O) error (-1)
eap_peap: ERROR: TLS receive handshake failed during operation
eap_peap: ERROR: [eaptls process] = fail
eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed

Does anyone knows where the problem come from ?

Thanks in advance for your help.

Benjamin Dupalut

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: SSL routines:ssl3_read_bytes:tlsv1 alert internal error

Matt Caswell-2


On 28/09/18 07:06, DUPALUT, Benjamin wrote:

> Hello,
>
> First of all, sorry if my english isn't very good.
>
> I'm using freeradius server to authenticate users on Eduroam Wi-Fi. I
> set up a local certification authority et signed the freeradius server
> certificate using openssl.
>
> Users  got the CA certfificate via the Configuration Assistant Tool for
> Eduroam but it fails at the TLS session :
>
> eap_peap: Peer indicated complete TLS record size will be 7 bytes
> eap_peap: Got complete TLS record (7 bytes)
> eap_peap: [eaptls verify] = length included
> eap_peap: <<< recv TLS 1.2  [length 0002] 
> eap_peap: ERROR: TLS Alert read:fatal:internal error
> eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
> eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094438:SSL
> routines:ssl3_read_bytes:tlsv1 alert internal error

This error actually comes from the peer. The peer has sent an internal
error alert to your server, which then causes your server to abort the
connection. So the question is why does the peer send the internal error
alert? Can any logging be obtained from that side of the connection?

Matt


> eap_peap: ERROR: System call (I/O) error (-1)
> eap_peap: ERROR: TLS receive handshake failed during operation
> eap_peap: ERROR: [eaptls process] = fail
> eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
>
> Does anyone knows where the problem come from ?
>
> Thanks in advance for your help.
>
> Benjamin Dupalut
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: SSL routines:ssl3_read_bytes:tlsv1 alert internal error

DUPALUT, Benjamin
Hi Matt,

Thank you for your answer.

I don't the Wi-Fi controler that initiate the connection but i can try to ask for logs.

I will come back to you if i manage to get those logs.

Cordialement,

Benjamin Dupalut
Ingénieur système et réseau
Service Informatique, Télécommunications, Audiovisuel et Reprographie (SITAR)
ESIEE Paris
2 bd Blaise Pascal - 93162 Noisy-le-Grand Cedex
T : +33 1 45 92 66 17
[hidden email]
www.esiee.fr / www.cci-paris-idf.fr


Le ven. 28 sept. 2018 à 12:31, Matt Caswell <[hidden email]> a écrit :


On 28/09/18 07:06, DUPALUT, Benjamin wrote:
> Hello,
>
> First of all, sorry if my english isn't very good.
>
> I'm using freeradius server to authenticate users on Eduroam Wi-Fi. I
> set up a local certification authority et signed the freeradius server
> certificate using openssl.
>
> Users  got the CA certfificate via the Configuration Assistant Tool for
> Eduroam but it fails at the TLS session :
>
> eap_peap: Peer indicated complete TLS record size will be 7 bytes
> eap_peap: Got complete TLS record (7 bytes)
> eap_peap: [eaptls verify] = length included
> eap_peap: <<< recv TLS 1.2  [length 0002] 
> eap_peap: ERROR: TLS Alert read:fatal:internal error
> eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
> eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094438:SSL
> routines:ssl3_read_bytes:tlsv1 alert internal error

This error actually comes from the peer. The peer has sent an internal
error alert to your server, which then causes your server to abort the
connection. So the question is why does the peer send the internal error
alert? Can any logging be obtained from that side of the connection?

Matt


> eap_peap: ERROR: System call (I/O) error (-1)
> eap_peap: ERROR: TLS receive handshake failed during operation
> eap_peap: ERROR: [eaptls process] = fail
> eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
>
> Does anyone knows where the problem come from ?
>
> Thanks in advance for your help.
>
> Benjamin Dupalut
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users