ttls fails with TLS 1.3 (openssl 1.1.1) #2385

Open
hartmans opened this Issue Jan 14, 2019 · 15 comments

hartmans commented Jan 14, 2019

Issue type: Defect

How to reproduce the issue

I was putting together automated tests for moonshot-gss-eap in Debian and accidentally ended up running with OpenSSL 1.1.1 and without specifying either a minimum or maximum TLS version in mods-available/eap.
TLS 1.3 ended up getting selected, and freeradius produced a TLS session ticket that moonshot was unable to decrypt at the TLS layer.
Using TLS 1.2 worked fine.
I was several layers deep in trying to get things done, and didn't capture very good logs, but since I was writing automated tests, reproducing from the test suite is easy to do.

My suspicion is that ttls is just broken with TLS 1.3, but if you think it is more complex than that I'm happy to provide logs.
If it is broken, it would be really nice to get a patch that caps out tls at 1.2 at least for ttls. It would be best not to cap it out for other things because for example it seems like tls 1.3 would be quite helpful for radsec.

alandekok commented Jan 14, 2019

It's possible to set up multiple EAP modules and/or multiple tls configurations, which lets you set tls_min_version and tls_max_version.

I'd prefer to use those as work-arounds instead of coming up with fixes specific for TTLS.

That gives a bit of breathing room, which lets us figure out why TTLS session tickets have issues with TLS 1.3.

From what I can tell, there's nothing specific in TTLS that interacts with TLS 1.3. The session tickets should just be part of the TLS exchange, and therefore completely invisible to TTLS.

alandekok commented Jan 14, 2019

Any work-around involves technical debt. I'd prefer to do root cause analysis where possible.

It's possible to have a short patch to TTLS that hard-codes TLS 1.2 as the maximum version, via something like this:

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	/* SSL_CTX_set_max_proto_version() is available from OpenSSL 1.1.0 on */
	if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) {
		WARN("Failed setting TLS maximum version to 1.2 for TTLS");
	}
#endif

That can be a temporary work-around.

I'd prefer to get logs, etc. to fix the underlying problem. I haven't tried reproducing it locally, and it will be a bit before I have time for that.

hartmans commented Jan 14, 2019

Here are the client-side logs:

EAP: EAP entering state IDLE
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=9):
     40 74 65 73 74 2e 63 6f 6d                        @test.com       
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: The routine must be called again to complete its function/no minor
gss_accept_sec_context: The routine must be called again to complete its function/no minor
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 15
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: The routine must be called again to complete its function/no minor
gss_accept_sec_context: The routine must be called again to complete its function/no minor
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
EAP: Status notification: accept proposed method (param=TTLS)
EAP: Initialize selected EAP method: vendor 0 method 21 (TTLS)
EAP-TTLS: Phase2 type: EAP
TLS: Phase2 EAP types - hexdump(len=72): 00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2f 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 33 00 00 00
TLS: using phase1 config options
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TTLS: Start (server ver=0, own ver=0)
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=278): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 283 bytes pending from ssl_out
SSL: 283 bytes left to be sent out (of total 283 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x559fcfd04f40
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: The routine must be called again to complete its function/no minor
gss_accept_sec_context: The routine must be called again to complete its function/no minor
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=109) - Flags 0x80
SSL: TLS Message Length: 99
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x304 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=88): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=311): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 322 bytes pending from ssl_out
SSL: 322 bytes left to be sent out (of total 322 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x559fcfd067b0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: The routine must be called again to complete its function/no minor
gss_accept_sec_context: The routine must be called again to complete its function/no minor
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 1301
SSL: Need 307 bytes more input data
SSL: Building ACK (type=21 id=4 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x559fcfc4b6f0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: The routine must be called again to complete its function/no minor
gss_accept_sec_context: The routine must be called again to complete its function/no minor
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=317) - Flags 0x80
SSL: TLS Message Length: 1301
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x304 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=155): [REMOVED]
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x304 content_type=22 (handshake/?)
OpenSSL: Message - hexdump(len=6): [REMOVED]
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:TLSv1.3 read encrypted extensions
OpenSSL: RX ver=0x304 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=731): [REMOVED]
TLS: tls_verify_cb - preverify_ok=1 err=18 (self signed certificate) ca_cert_verify=0 depth=0 buf='/CN=host'
EAP: Status notification: remote certificate verification (param=success)
TLS: tls_verify_cb - preverify_ok=1 err=18 (self signed certificate) ca_cert_verify=0 depth=0 buf='/CN=host'
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x304 content_type=22 (handshake/certificate verify)
OpenSSL: Message - hexdump(len=264): [REMOVED]
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:TLSv1.3 read server certificate verify
OpenSSL: RX ver=0x304 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=52): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read finished
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
OpenSSL: TX ver=0x304 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=52): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 74 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: 74 bytes left to be sent out (of total 74 bytes)
EAP-TTLS: TLS done, proceed to Phase 2
EAP-TTLS: Derived key - hexdump(len=64): [REMOVED]
EAP-TTLS: Derived EMSK - hexdump(len=64): [REMOVED]
EAP-TTLS: Derived Session-Id - hexdump(len=65): 15 21 24 57 07 bc 16 9b 02 04 6f 43 0d 8a 07 78 05 37 bf a4 b5 93 9f 91 ef 87 6d 94 1d 3e fc d5 5a 71 64 59 f1 ed 7d 63 f9 46 6e 8e 6f c7 78 f1 6b 7e 5b 37 3a 17 95 fd 12 e1 2e a2 9e d1 a8 c3 ac
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x559fcfd06ec0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: The routine must be called again to complete its function/no minor
gss_accept_sec_context: The routine must be called again to complete its function/no minor
failure sending token
Sending init_sec_context token (size=81)...continue needed...
Sending init_sec_context token (size=50)...continue needed...
Sending init_sec_context token (size=42)...continue needed...
Sending init_sec_context token (size=335)...continue needed...
Sending init_sec_context token (size=374)...continue needed...
Sending init_sec_context token (size=42)...continue needed...
Sending init_sec_context token (size=116)...continue needed...
Sending init_sec_context token (size=9)...GSS-API error initializing context: Invalid credential was supplied
GSS-API error initializing context: EAP peer authentication failure
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=168) - Flags 0x80
SSL: TLS Message Length: 158
EAP-TTLS: received 158 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSL negotiation finished successfully
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSL negotiation finished successfully
OpenSSL: RX ver=0x304 content_type=22 (handshake/new session ticket)
OpenSSL: Message - hexdump(len=57): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server session ticket
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSL negotiation finished successfully
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSL negotiation finished successfully
OpenSSL: RX ver=0x304 content_type=22 (handshake/new session ticket)
OpenSSL: Message - hexdump(len=57): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server session ticket
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
OpenSSL: tls_connection_decrypt - Decryption failed - SSL_read error:00000000:lib(0):func(0):reason(0)
SSL: Failed to decrypt Phase 2 data
EAP: method process -> ignore=FALSE methodState=DONE decision=FAIL eapRespData=(nil)
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
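Decoding the EAP-TTLS packet that the client log above reports as "Received packet(len=109) - Flags 0x80" / "TLS Message Length: 99" shows how TLS 1.3 was selected: the ServerHello's legacy version field still says 0x0303, the real version sits in the supported_versions extension, and this first server flight is in fact a HelloRetryRequest (its Random is the RFC 8446 HRR constant), which is why the client writes a second ClientHello. This is an added example, not code from FreeRADIUS or moonshot-gss-eap; the packet bytes are the Access-Challenge (2) EAP-Message from the server log later in this thread, and the function and field names are my own.

```python
"""Decode an EAP-TTLS packet and the TLS ServerHello it carries."""
import struct

# RFC 8446 section 4.1.3: a ServerHello whose Random is this value is a HelloRetryRequest.
HRR_RANDOM = bytes.fromhex(
    "cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c")

EAP_TTLS = 21
TTLS_FLAG_LENGTH = 0x80   # L bit: a 4-byte TLS message length follows the flags
TTLS_FLAG_MORE = 0x40     # M bit: more fragments follow
TTLS_FLAG_START = 0x20    # S bit: EAP-TTLS Start

# Copied from the server log in this thread: Access-Challenge (2), EAP-Message.
SAMPLE_SERVER_FLIGHT = bytes.fromhex(
    "0103006d1580000000631603030058020000540303"
    "cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c"
    "206d1c359d5884213fb078bd75115b6bc2970165f89b53ce782ee6ffca4094df69"
    "130200000c002b00020304003300020017140303000101")
# Copied from Access-Challenge (1): the EAP-TTLS Start packet (no TLS data).
SAMPLE_TTLS_START = bytes.fromhex("010200061520")


def parse_eap_ttls(pkt):
    """Split an EAP packet of type TTLS into header fields and the TLS payload."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP length %d != packet size %d" % (length, len(pkt)))
    if pkt[4] != EAP_TTLS:
        raise ValueError("not an EAP-TTLS packet (type %d)" % pkt[4])
    flags = pkt[5]
    pos, tls_len = 6, None
    if flags & TTLS_FLAG_LENGTH:
        (tls_len,) = struct.unpack("!I", pkt[6:10])
        pos = 10
    return {"code": code, "id": ident, "flags": flags,
            "tls_length": tls_len, "tls": pkt[pos:]}


def tls_records(data):
    """Yield (content_type, record_version, body) for each TLS record in data."""
    pos = 0
    while pos < len(data):
        ctype, ver, rlen = struct.unpack("!BHH", data[pos:pos + 5])
        body = data[pos + 5:pos + 5 + rlen]
        if len(body) != rlen:
            raise ValueError("truncated TLS record")
        yield ctype, ver, body
        pos += 5 + rlen


def parse_server_hello(body):
    """Parse a ServerHello handshake message and report the negotiated version."""
    if body[0] != 2:
        raise ValueError("handshake type %d is not ServerHello" % body[0])
    hs_len = int.from_bytes(body[1:4], "big")
    msg = body[4:4 + hs_len]
    (legacy_version,) = struct.unpack("!H", msg[:2])
    rand = msg[2:34]
    sid_len = msg[34]
    pos = 35 + sid_len
    (cipher,) = struct.unpack("!H", msg[pos:pos + 2])
    pos += 3  # cipher suite + legacy compression method
    (ext_len,) = struct.unpack("!H", msg[pos:pos + 2])
    pos += 2
    end = pos + ext_len
    info = {"legacy_version": legacy_version, "cipher_suite": cipher,
            "hello_retry_request": rand == HRR_RANDOM,
            "negotiated_version": legacy_version, "key_share_group": None}
    while pos < end:
        etype, elen = struct.unpack("!HH", msg[pos:pos + 4])
        edata = msg[pos + 4:pos + 4 + elen]
        if etype == 0x002b:    # supported_versions overrides legacy_version
            (info["negotiated_version"],) = struct.unpack("!H", edata[:2])
        elif etype == 0x0033:  # key_share: in an HRR it carries only the group
            (info["key_share_group"],) = struct.unpack("!H", edata[:2])
        pos += 4 + elen
    return info


def analyse(pkt):
    """Decode the first handshake record of an EAP-TTLS packet as a ServerHello."""
    eap = parse_eap_ttls(pkt)
    for ctype, _ver, body in tls_records(eap["tls"]):
        if ctype == 22:  # handshake
            hello = parse_server_hello(body)
            hello["eap_id"] = eap["id"]
            hello["tls_length"] = eap["tls_length"]
            return hello
    raise ValueError("no handshake record in packet")


if __name__ == "__main__":
    r = analyse(SAMPLE_SERVER_FLIGHT)
    print("EAP id=%d, TLS message length=%d" % (r["eap_id"], r["tls_length"]))
    print("negotiated TLS version 0x%04x (legacy field says 0x%04x)"
          % (r["negotiated_version"], r["legacy_version"]))
    print("HelloRetryRequest: %s, key_share group 0x%04x"
          % (r["hello_retry_request"], r["key_share_group"]))
```

Capping tls_max_version at 1.2 for the TTLS tls-config removes the supported_versions selection of 0x0304 seen here, which is the quick check that the workaround in the comments took effect.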
hartmans commented Jan 14, 2019

And here are the freeradius logs from the same run:

FreeRADIUS Version 3.0.17
Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...

...

Thread 4 got semaphore
Thread 4 handling request 1, (1 handled so far)
(1) Received Access-Request Id 0 from [::1]:49449 to [::1]:1812 length 92
(1)   User-Name = "@test.com"
(1)   GSS-Acceptor-Service-Name = "host"
(1)   GSS-Acceptor-Host-Name = "localhost"
(1)   EAP-Message = 0x020100060315
(1)   State = 0xfd36b1f7fd37b5c205ae4e5b7f137f5f
(1)   Message-Authenticator = 0xeed55cfe09994331d023be4227dc1303
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(1)   authorize {
(1)     policy filter_username {
(1)       if (&User-Name) {
(1)       if (&User-Name)  -> TRUE
(1)       if (&User-Name)  {
(1)         if (&User-Name =~ / /) {
(1)         if (&User-Name =~ / /)  -> FALSE
(1)         if (&User-Name =~ /@[^@]*@/ ) {
(1)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(1)         if (&User-Name =~ /\.\./ ) {
(1)         if (&User-Name =~ /\.\./ )  -> FALSE
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(1)         if (&User-Name =~ /\.$/)  {
(1)         if (&User-Name =~ /\.$/)   -> FALSE
(1)         if (&User-Name =~ /@\./)  {
(1)         if (&User-Name =~ /@\./)   -> FALSE
(1)       } # if (&User-Name)  = notfound
(1)     } # policy filter_username = notfound
(1)     [preprocess] = ok
(1)     [chap] = noop
(1)     [mschap] = noop
(1)     [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "test.com" for User-Name = "@test.com"
(1) suffix: Found realm "test.com"
(1) suffix: Adding Stripped-User-Name = ""
(1) suffix: Adding Realm = "test.com"
(1) suffix: Authentication realm is LOCAL
(1)     [suffix] = ok
(1) eap: Peer sent EAP Response (code 2) ID 1 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1)     [eap] = updated
(1)     [files] = noop
(1)     [expiration] = noop
(1)     [logintime] = noop
(1) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(1) pap: WARNING: Authentication will fail unless a "known good" password is available
(1)     [pap] = noop
(1)   } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1)   authenticate {
(1) eap: Expiring EAP session with state 0xfd36b1f7fd37b5c2
(1) eap: Finished EAP session with state 0xfd36b1f7fd37b5c2
(1) eap: Previous EAP request found for state 0xfd36b1f7fd37b5c2, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type TTLS (21)
(1) eap: Calling submodule eap_ttls to process data
(1) eap_ttls: Initiating new EAP-TLS session
(1) eap_ttls: [eaptls start] = request
(1) eap: Sending EAP Request (code 1) ID 2 length 6
(1) eap: EAP session adding &reply:State = 0xfd36b1f7fc34a4c2
(1)     [eap] = handled
(1)   } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1)   Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 0 from [::1]:1812 to [::1]:49449 length 0
(1)   EAP-Message = 0x010200061520
(1)   Message-Authenticator = 0x00000000000000000000000000000000
(1)   State = 0xfd36b1f7fc34a4c205ae4e5b7f137f5f
(1) Finished request
Thread 4 waiting to be assigned a request
(1) Cleaning up request packet ID 0 with timestamp +1
Waking up in 0.3 seconds.
Thread 3 got semaphore
Thread 3 handling request 2, (1 handled so far)
(2) Received Access-Request Id 0 from [::1]:49449 to [::1]:1812 length 377
(2)   User-Name = "@test.com"
(2)   GSS-Acceptor-Service-Name = "host"
(2)   GSS-Acceptor-Host-Name = "localhost"
(2)   EAP-Message = 0x020201211500160301011601000112030321245707bc169b02046f430d8a07780537bfa4b5939f91ef876d941d3efcd55a206d1c359d5884213fb078bd75115b6bc2970165f89b53ce782ee6ffca4094df69003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c02700
(2)   State = 0xfd36b1f7fc34a4c205ae4e5b7f137f5f
(2)   Message-Authenticator = 0x6d8e180a381ade76c9387fdf0d3c4499
(2) session-state: No cached attributes
(2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(2)   authorize {
(2)     policy filter_username {
(2)       if (&User-Name) {
(2)       if (&User-Name)  -> TRUE
(2)       if (&User-Name)  {
(2)         if (&User-Name =~ / /) {
(2)         if (&User-Name =~ / /)  -> FALSE
(2)         if (&User-Name =~ /@[^@]*@/ ) {
(2)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(2)         if (&User-Name =~ /\.\./ ) {
(2)         if (&User-Name =~ /\.\./ )  -> FALSE
(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(2)         if (&User-Name =~ /\.$/)  {
(2)         if (&User-Name =~ /\.$/)   -> FALSE
(2)         if (&User-Name =~ /@\./)  {
(2)         if (&User-Name =~ /@\./)   -> FALSE
(2)       } # if (&User-Name)  = notfound
(2)     } # policy filter_username = notfound
(2)     [preprocess] = ok
(2)     [chap] = noop
(2)     [mschap] = noop
(2)     [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: Looking up realm "test.com" for User-Name = "@test.com"
(2) suffix: Found realm "test.com"
(2) suffix: Adding Stripped-User-Name = ""
(2) suffix: Adding Realm = "test.com"
(2) suffix: Authentication realm is LOCAL
(2)     [suffix] = ok
(2) eap: Peer sent EAP Response (code 2) ID 2 length 289
(2) eap: Continuing tunnel setup
(2)     [eap] = ok
(2)   } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2)   authenticate {
(2) eap: Expiring EAP session with state 0xfd36b1f7fc34a4c2
(2) eap: Finished EAP session with state 0xfd36b1f7fc34a4c2
(2) eap: Previous EAP request found for state 0xfd36b1f7fc34a4c2, released from the list
(2) eap: Peer sent packet with method EAP TTLS (21)
(2) eap: Calling submodule eap_ttls to process data
(2) eap_ttls: Authenticate
(2) eap_ttls: Continuing EAP-TLS
(2) eap_ttls: [eaptls verify] = ok
(2) eap_ttls: Done initial handshake
(2) eap_ttls: (other): before SSL initialization
(2) eap_ttls: TLS_accept: before SSL initialization
(2) eap_ttls: TLS_accept: before SSL initialization
(2) eap_ttls: <<< recv UNKNOWN TLS VERSION ?0304? [length 0116] 
(2) eap_ttls: TLS_accept: SSLv3/TLS read client hello
(2) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0058] 
(2) eap_ttls: TLS_accept: SSLv3/TLS write server hello
(2) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0001] 
(2) eap_ttls: TLS_accept: SSLv3/TLS write change cipher spec
(2) eap_ttls: TLS_accept: TLSv1.3 early data
(2) eap_ttls: TLS_accept: Need to read more data: TLSv1.3 early data
(2) eap_ttls: In SSL Handshake Phase
(2) eap_ttls: In SSL Accept mode
(2) eap_ttls: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 3 length 109
(2) eap: EAP session adding &reply:State = 0xfd36b1f7ff35a4c2
(2)     [eap] = handled
(2)   } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2)   Challenge { ... } # empty sub-section is ignored
(2) Sent Access-Challenge Id 0 from [::1]:1812 to [::1]:49449 length 0
(2)   EAP-Message = 0x0103006d1580000000631603030058020000540303cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c206d1c359d5884213fb078bd75115b6bc2970165f89b53ce782ee6ffca4094df69130200000c002b00020304003300020017140303000101
(2)   Message-Authenticator = 0x00000000000000000000000000000000
(2)   State = 0xfd36b1f7ff35a4c205ae4e5b7f137f5f
(2) Finished request
Thread 3 waiting to be assigned a request
(2) Cleaning up request packet ID 0 with timestamp +1
Waking up in 0.3 seconds.
Thread 2 got semaphore
Thread 2 handling request 3, (1 handled so far)
(3) Received Access-Request Id 0 from [::1]:49449 to [::1]:1812 length 416
(3)   User-Name = "@test.com"
(3)   GSS-Acceptor-Service-Name = "host"
(3)   GSS-Acceptor-Host-Name = "localhost"
(3)   EAP-Message = 0x020301481500140303000101160303013701000133030321245707bc169b02046f430d8a07780537bfa4b5939f91ef876d941d3efcd55a206d1c359d5884213fb078bd75115b6bc2970165f89b53ce782ee6ffca4094df69003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c02800
(3)   State = 0xfd36b1f7ff35a4c205ae4e5b7f137f5f
(3)   Message-Authenticator = 0x41dcecf726c2cb089ce7c815b0c2f444
(3) session-state: No cached attributes
(3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(3)   authorize {
(3)     policy filter_username {
(3)       if (&User-Name) {
(3)       if (&User-Name)  -> TRUE
(3)       if (&User-Name)  {
(3)         if (&User-Name =~ / /) {
(3)         if (&User-Name =~ / /)  -> FALSE
(3)         if (&User-Name =~ /@[^@]*@/ ) {
(3)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(3)         if (&User-Name =~ /\.\./ ) {
(3)         if (&User-Name =~ /\.\./ )  -> FALSE
(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(3)         if (&User-Name =~ /\.$/)  {
(3)         if (&User-Name =~ /\.$/)   -> FALSE
(3)         if (&User-Name =~ /@\./)  {
(3)         if (&User-Name =~ /@\./)   -> FALSE
(3)       } # if (&User-Name)  = notfound
(3)     } # policy filter_username = notfound
(3)     [preprocess] = ok
(3)     [chap] = noop
(3)     [mschap] = noop
(3)     [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: Looking up realm "test.com" for User-Name = "@test.com"
(3) suffix: Found realm "test.com"
(3) suffix: Adding Stripped-User-Name = ""
(3) suffix: Adding Realm = "test.com"
(3) suffix: Authentication realm is LOCAL
(3)     [suffix] = ok
(3) eap: Peer sent EAP Response (code 2) ID 3 length 328
(3) eap: Continuing tunnel setup
(3)     [eap] = ok
(3)   } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(3)   authenticate {
(3) eap: Expiring EAP session with state 0xfd36b1f7ff35a4c2
(3) eap: Finished EAP session with state 0xfd36b1f7ff35a4c2
(3) eap: Previous EAP request found for state 0xfd36b1f7ff35a4c2, released from the list
(3) eap: Peer sent packet with method EAP TTLS (21)
(3) eap: Calling submodule eap_ttls to process data
(3) eap_ttls: Authenticate
(3) eap_ttls: Continuing EAP-TLS
(3) eap_ttls: [eaptls verify] = ok
(3) eap_ttls: Done initial handshake
(3) eap_ttls: TLS_accept: TLSv1.3 early data
(3) eap_ttls: <<< recv UNKNOWN TLS VERSION ?0304? [length 0137] 
(3) eap_ttls: TLS_accept: SSLv3/TLS read client hello
(3) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 009b] 
(3) eap_ttls: TLS_accept: SSLv3/TLS write server hello
(3) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0001] 
(3) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0006] 
(3) eap_ttls: TLS_accept: TLSv1.3 write encrypted extensions
(3) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0001] 
(3) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 02db] 
(3) eap_ttls: TLS_accept: SSLv3/TLS write certificate
(3) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0001] 
(3) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0108] 
(3) eap_ttls: TLS_accept: TLSv1.3 write server certificate verify
(3) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0001] 
(3) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0034] 
(3) eap_ttls: TLS_accept: SSLv3/TLS write finished
(3) eap_ttls: TLS_accept: TLSv1.3 early data
(3) eap_ttls: TLS_accept: Need to read more data: TLSv1.3 early data
(3) eap_ttls: In SSL Handshake Phase
(3) eap_ttls: In SSL Accept mode
(3) eap_ttls: [eaptls process] = handled
(3) eap: Sending EAP Request (code 1) ID 4 length 1004
(3) eap: EAP session adding &reply:State = 0xfd36b1f7fe32a4c2
(3)     [eap] = handled
(3)   } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(3)   Challenge { ... } # empty sub-section is ignored
(3) Sent Access-Challenge Id 0 from [::1]:1812 to [::1]:49449 length 0
(3)   EAP-Message = 0x010403ec15c000000515160303009b020000970303716459f1ed7d63f9466e8e6fc778f16b7e5b373a1795fd12e12ea29ed1a8c3ac206d1c359d5884213fb078bd75115b6bc2970165f89b53ce782ee6ffca4094df69130200004f002b00020304003300450017004104b0c469bc5617b4e53fd212aeee
(3)   Message-Authenticator = 0x00000000000000000000000000000000
(3)   State = 0xfd36b1f7fe32a4c205ae4e5b7f137f5f
(3) Finished request
Thread 2 waiting to be assigned a request
(3) Cleaning up request packet ID 0 with timestamp +1
Waking up in 0.3 seconds.
Thread 1 got semaphore
Thread 1 handling request 4, (1 handled so far)
(4) Received Access-Request Id 0 from [::1]:49449 to [::1]:1812 length 92
(4)   User-Name = "@test.com"
(4)   GSS-Acceptor-Service-Name = "host"
(4)   GSS-Acceptor-Host-Name = "localhost"
(4)   EAP-Message = 0x020400061500
(4)   State = 0xfd36b1f7fe32a4c205ae4e5b7f137f5f
(4)   Message-Authenticator = 0x801f80954e5e06dd0f234414056870a9
(4) session-state: No cached attributes
(4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(4)   authorize {
(4)     policy filter_username {
(4)       if (&User-Name) {
(4)       if (&User-Name)  -> TRUE
(4)       if (&User-Name)  {
(4)         if (&User-Name =~ / /) {
(4)         if (&User-Name =~ / /)  -> FALSE
(4)         if (&User-Name =~ /@[^@]*@/ ) {
(4)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(4)         if (&User-Name =~ /\.\./ ) {
(4)         if (&User-Name =~ /\.\./ )  -> FALSE
(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(4)         if (&User-Name =~ /\.$/)  {
(4)         if (&User-Name =~ /\.$/)   -> FALSE
(4)         if (&User-Name =~ /@\./)  {
(4)         if (&User-Name =~ /@\./)   -> FALSE
(4)       } # if (&User-Name)  = notfound
(4)     } # policy filter_username = notfound
(4)     [preprocess] = ok
(4)     [chap] = noop
(4)     [mschap] = noop
(4)     [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: Looking up realm "test.com" for User-Name = "@test.com"
(4) suffix: Found realm "test.com"
(4) suffix: Adding Stripped-User-Name = ""
(4) suffix: Adding Realm = "test.com"
(4) suffix: Authentication realm is LOCAL
(4)     [suffix] = ok
(4) eap: Peer sent EAP Response (code 2) ID 4 length 6
(4) eap: Continuing tunnel setup
(4)     [eap] = ok
(4)   } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(4)   authenticate {
(4) eap: Expiring EAP session with state 0xfd36b1f7fe32a4c2
(4) eap: Finished EAP session with state 0xfd36b1f7fe32a4c2
(4) eap: Previous EAP request found for state 0xfd36b1f7fe32a4c2, released from the list
(4) eap: Peer sent packet with method EAP TTLS (21)
(4) eap: Calling submodule eap_ttls to process data
(4) eap_ttls: Authenticate
(4) eap_ttls: Continuing EAP-TLS
(4) eap_ttls: Peer ACKed our handshake fragment
(4) eap_ttls: [eaptls verify] = request
(4) eap_ttls: [eaptls process] = handled
(4) eap: Sending EAP Request (code 1) ID 5 length 317
(4) eap: EAP session adding &reply:State = 0xfd36b1f7f933a4c2
(4)     [eap] = handled
(4)   } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(4)   Challenge { ... } # empty sub-section is ignored
(4) Sent Access-Challenge Id 0 from [::1]:1812 to [::1]:49449 length 0
(4)   EAP-Message = 0x0105013d15800000051599b64d3136a68c221dc7fd990b97ff5e49419315069f43d4bbfa3c9fd62669a9f6f0551ed9776f5415186f03129ffe83e450589b3f7d5978f00509e7a1131f66f383173416819d57bb911842a0faa0f57c088f3bb519bdd5adaba1dfa4a6b587eea9ed988022f4d5bbcd8ae411
(4)   Message-Authenticator = 0x00000000000000000000000000000000
(4)   State = 0xfd36b1f7f933a4c205ae4e5b7f137f5f
(4) Finished request
Thread 1 waiting to be assigned a request
(4) Cleaning up request packet ID 0 with timestamp +1
Waking up in 0.3 seconds.
Thread 5 got semaphore
Thread 5 handling request 5, (2 handled so far)
(5) Received Access-Request Id 0 from [::1]:49449 to [::1]:1812 length 166
(5)   User-Name = "@test.com"
(5)   GSS-Acceptor-Service-Name = "host"
(5)   GSS-Acceptor-Host-Name = "localhost"
(5)   EAP-Message = 0x0205005015001703030045b06ae2402a7c36af3fc98ea1a26822b394174f1601174c695d841f75081f0e4af284ca2e08ba9020b0f320acee0b7afd14b6797f794efb258ce58e385b5629f39934271b17
(5)   State = 0xfd36b1f7f933a4c205ae4e5b7f137f5f
(5)   Message-Authenticator = 0x44eae8eea81f9658dc7980263cf5a05c
(5) session-state: No cached attributes
(5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(5)   authorize {
(5)     policy filter_username {
(5)       if (&User-Name) {
(5)       if (&User-Name)  -> TRUE
(5)       if (&User-Name)  {
(5)         if (&User-Name =~ / /) {
(5)         if (&User-Name =~ / /)  -> FALSE
(5)         if (&User-Name =~ /@[^@]*@/ ) {
(5)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(5)         if (&User-Name =~ /\.\./ ) {
(5)         if (&User-Name =~ /\.\./ )  -> FALSE
(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(5)         if (&User-Name =~ /\.$/)  {
(5)         if (&User-Name =~ /\.$/)   -> FALSE
(5)         if (&User-Name =~ /@\./)  {
(5)         if (&User-Name =~ /@\./)   -> FALSE
(5)       } # if (&User-Name)  = notfound
(5)     } # policy filter_username = notfound
(5)     [preprocess] = ok
(5)     [chap] = noop
(5)     [mschap] = noop
(5)     [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: Looking up realm "test.com" for User-Name = "@test.com"
(5) suffix: Found realm "test.com"
(5) suffix: Adding Stripped-User-Name = ""
(5) suffix: Adding Realm = "test.com"
(5) suffix: Authentication realm is LOCAL
(5)     [suffix] = ok
(5) eap: Peer sent EAP Response (code 2) ID 5 length 80
(5) eap: Continuing tunnel setup
(5)     [eap] = ok
(5)   } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5)   authenticate {
(5) eap: Expiring EAP session with state 0xfd36b1f7f933a4c2
(5) eap: Finished EAP session with state 0xfd36b1f7f933a4c2
(5) eap: Previous EAP request found for state 0xfd36b1f7f933a4c2, released from the list
(5) eap: Peer sent packet with method EAP TTLS (21)
(5) eap: Calling submodule eap_ttls to process data
(5) eap_ttls: Authenticate
(5) eap_ttls: Continuing EAP-TLS
(5) eap_ttls: [eaptls verify] = ok
(5) eap_ttls: Done initial handshake
(5) eap_ttls: <<< recv UNKNOWN TLS VERSION ?0304? [length 0001] 
(5) eap_ttls: TLS_accept: TLSv1.3 early data
(5) eap_ttls: <<< recv UNKNOWN TLS VERSION ?0304? [length 0034] 
(5) eap_ttls: TLS_accept: SSLv3/TLS read finished
(5) eap_ttls: (other): SSLv3/TLS write session ticket
(5) eap_ttls: (other): SSLv3/TLS write session ticket
(5) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0001] 
(5) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0039] 
(5) eap_ttls: TLS_accept: SSLv3/TLS write session ticket
(5) eap_ttls: (other): SSLv3/TLS write session ticket
(5) eap_ttls: (other): SSLv3/TLS write session ticket
(5) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0001] 
(5) eap_ttls: >>> send UNKNOWN TLS VERSION ?0304? [length 0039] 
(5) eap_ttls: TLS_accept: SSLv3/TLS write session ticket
(5) eap_ttls: (other): SSL negotiation finished successfully
(5) eap_ttls: SSL Connection Established
(5) eap_ttls: [eaptls process] = handled
(5) eap: Sending EAP Request (code 1) ID 6 length 168
(5) eap: EAP session adding &reply:State = 0xfd36b1f7f830a4c2
(5)     [eap] = handled
(5)   } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5)   Challenge { ... } # empty sub-section is ignored
(5) Sent Access-Challenge Id 0 from [::1]:1812 to [::1]:49449 length 0
(5)   EAP-Message = 0x010600a815800000009e170303004ad8d5fd42ec032a6a657460275abc980fdb56b33e314a309da58ba9df8f7c0cbf659437715f7bd3e899af6ccd6c4f8d3345abb0471cc6a5e1f7377cc8dd6c3f0f04454fc1cda7e3deff89170303004ad02c8ff7ec2d10e5bc0dab38c4d83ead1a5535edefcd60551e
(5)   Message-Authenticator = 0x00000000000000000000000000000000
(5)   State = 0xfd36b1f7f830a4c205ae4e5b7f137f5f
(5) Finished request
Thread 5 waiting to be assigned a request
Waking up in 4.6 seconds.
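To see what the EAP-Message attributes in the log above actually carry, here is an added Python example (not part of this issue, moonshot or FreeRADIUS) that parses two of those packets as EAP-TTLS framing around TLS records. The hex values are copied from the log; the Access-Challenge one is cut short by the debug output, and the parser reports the truncated record rather than failing on it.

```python
import struct

# EAP-Message values copied from the debug log above: the peer's Response (EAP ID 5) and
# the server's Access-Challenge reply (EAP ID 6); the reply is cut short in the log output.
PEER_EAP_ID5 = bytes.fromhex(
    "0205005015001703030045b06ae2402a7c36af3fc98ea1a26822b394174f1601174c695d841f75081f0e"
    "4af284ca2e08ba9020b0f320acee0b7afd14b6797f794efb258ce58e385b5629f39934271b17")
SERVER_EAP_ID6 = bytes.fromhex(
    "010600a815800000009e170303004ad8d5fd42ec032a6a657460275abc980fdb56b33e314a309da58ba9"
    "df8f7c0cbf659437715f7bd3e899af6ccd6c4f8d3345abb0471cc6a5e1f7377cc8dd6c3f0f04454fc1cd"
    "a7e3deff89170303004ad02c8ff7ec2d10e5bc0dab38c4d83ead1a5535edefcd60551e")

EAP_TTLS = 21
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def parse_tls_records(data):
    """Split raw TLS record data into dicts. A record whose body is shorter than its
    length field (the debug log truncates long attributes) is flagged as incomplete."""
    records, pos = [], 0
    while pos + 5 <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[pos:pos + 5])
        body = data[pos + 5:pos + 5 + length]
        records.append({"type": TLS_CONTENT.get(ctype, ctype), "legacy_version": version,
                        "length": length, "complete": len(body) == length})
        pos += 5 + length
    return records


def parse_eap_ttls(msg):
    """Parse one EAP-Message carrying EAP-TTLS (type 21): EAP header, flags byte,
    optional 4-byte total TLS length, then the TLS record data."""
    code, ident, length, eap_type = struct.unpack("!BBHB", msg[:5])
    if eap_type != EAP_TTLS:
        raise ValueError("EAP type %d is not EAP-TTLS" % eap_type)
    flags = msg[5]
    info = {"code": {1: "Request", 2: "Response"}.get(code, code), "id": ident,
            "length": length, "length_included": bool(flags & 0x80),
            "more_fragments": bool(flags & 0x40), "start": bool(flags & 0x20),
            "ttls_version": flags & 0x07}
    pos = 6
    if info["length_included"]:  # L bit set: total TLS message length follows the flags
        info["tls_total_length"] = struct.unpack("!I", msg[6:10])[0]
        pos = 10
    info["records"] = parse_tls_records(msg[pos:])
    return info


def app_data_records(info):
    """Count application_data records. Under TLS 1.3 the encrypted Finished and the
    post-handshake NewSessionTicket messages travel in such records, and the record
    header still says 0x0303, so the header alone does not reveal the negotiated version."""
    return sum(1 for r in info["records"] if r["type"] == "application_data")
```

The server's reply holds two 74-byte application_data records, matching the two `send ... [length 0039]` lines: each is a 57-byte NewSessionTicket plus the TLS 1.3 inner content-type byte and the 16-byte AEAD tag, which is the post-handshake ticket traffic the report says the peer could not decrypt.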

@alandekok (Member) commented Jan 14, 2019

FreeRADIUS Version 3.0.17

It may be due to the issue fixed in commit fd803c9. 3.0.17 sometimes complained that TLS 1.3 was unknown, and refused to do TLS 1.3 at all. That patch should fix it.

Try the v3.0.x branch from git. If that works, then the fix has already been triaged and done.

Otherwise, I'll have to find some time to work on this.

@arr2036 (Member) commented Jan 15, 2019

To enable TLS 1.3 in eapol_test, add this inside the network block:

phase1="tls_disable_tlsv1_3=0"

@arr2036 (Member) commented Jan 15, 2019

FWIW in version 4 the server appears to complete negotiation successfully, as in v3.0.x (albeit without the cosmetic issues), and it's still the supplicant (eapol_test) that experiences the error.

(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - <<< recv TLS 1.3, inner_content_type[length 1]
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - Handshake state [TRCC] - Server SSLv3/TLS read client certificate
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - <<< recv TLS 1.3, handshake[length 264], certificate_verify
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - <<< recv TLS 1.3, inner_content_type[length 1]
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - Handshake state [TRCV] - Server SSLv3/TLS read certificate verify
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - <<< recv TLS 1.3, handshake[length 52], finished
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - Handshake state [TRFIN] - Server SSLv3/TLS read finished
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - Handshake state [TWST] - SSLv3/TLS write session ticket
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - Handshake state [TWST] - SSLv3/TLS write session ticket
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - >>> send TLS 1.3, inner_content_type[length 1]
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - >>> send TLS 1.3, handshake[length 57], new_session_ticket
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - Handshake state [TWST] - Server SSLv3/TLS write session ticket
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - Handshake state [TWST] - SSLv3/TLS write session ticket
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - Handshake state [TWST] - SSLv3/TLS write session ticket
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - >>> send TLS 1.3, inner_content_type[length 1]
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - >>> send TLS 1.3, handshake[length 57], new_session_ticket
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - Handshake state [TWST] - Server SSLv3/TLS write session ticket
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - Handshake state [SSLOK] - SSL negotiation finished successfully
(69,63)  Tue Jan 15 15:49:44 2019 : Debug :   eap - Cipher suite: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=169 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
TLS - SSL error: error:14231044:SSL routines:tls13_hkdf_expand:internal error
SSL: TLS errors detected
EAP: method process -> ignore=TRUE methodState=MAY_CONT decision=COND_SUCC eapRespData=0x0
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RECEIVE
EAPOL test timed out
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (13, TLS) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0  mismatch: 1
FAILURE

@arr2036 (Member) commented Jan 15, 2019

Looks like that error is popping up in Tor as well, again with OpenSSL 1.1.1a and TLS 1.3.

@arr2036 (Member) commented Jan 15, 2019

Seems to be a fair few conditions that'll generate that error: https://github.com/openssl/openssl/blob/master/ssl/tls13_enc.c#L28

@arr2036 (Member) commented Jan 15, 2019

Only option would be to do a build of OpenSSL with debugging symbols, and trace through tls13_hkdf_expand to see where it fails.

@hartmans (Contributor, Author) commented Jan 15, 2019

@arr2036 (Member) commented Jan 16, 2019

Hmm, good point.

Busy today/tomorrow speaking at a conference but will look at this some more on Friday. I'd like to get TLS 1.3 working in FR 4 at least.

@arr2036 (Member) commented Jan 25, 2019

Using wpa_supplicant HEAD, TLS 1.3 is now functional for EAP-TLS with/without session tickets, and EAP-TTLS without session tickets. The remaining issues are with wpa_supplicant.

@arr2036 (Member) commented Jan 25, 2019

A description of the technical issue in wpa_supplicant and suggested code fixes are available here: http://lists.infradead.org/pipermail/hostap/2019-January/039418.html