On 03/03/2020 12:51, iilinasi wrote:
> Alfred, I'd like to say "thanks" once more.
>
> I tried with newer ciphers and version 1.2 - and now freeradius (3.0.16)
> indeed sends me the second "challenge". So, it's a huge progress.
>
> However it still complains on the unknown TLS version. I attach the
> server log and the packet capture, just in case.

This is the interesting part from the server log.

(1) eap_tls: TLS_accept: before SSL initialization
(1) eap_tls: <<< recv UNKNOWN TLS VERSION ?0304? [length 0048]
(1) eap_tls: TLS_accept: SSLv3/TLS read client hello

The "before SSL initialization" and the "SSLv3/TLS read client hello" strings are generated by OpenSSL. They are the return values from a call to the function SSL_state_string_long() and are intended to give a human readable output of what state the SSL object is in and where in the handshake process it has got to.

Interestingly the "UNKNOWN TLS VERSION" message appears between the "before" state and the "read client hello" state. The latter will be returned after the SSL object has gone through its initial setup but before or during the processing of a ClientHello received from the client.

The TLS protocol version that the server will use is chosen during the processing of that ClientHello. Depending on exactly what point we're at it is possible that a call to SSL_version() will return either the selected version or (if we haven't got as far as selecting a version yet), the version that the SSL object was initialised with. New SSL objects created using TLS_method(), or TLS_server_method() will have their version initialised to TLS_MAX_VERSION. In OpenSSL 1.1.1 TLS_MAX_VERSION is 0x0304 (TLSv1.3).

The string "UNKNOWN TLS VERSION" does not appear in libssl at all. So my guess is that this warning is actually coming from eap_tls after it has made a call to SSL_version(). Since the version has not actually been negotiated yet it comes back with TLSv1.3, and eap_tls doesn't know how to handle it.

Is this actually an error? Or just a warning?

Matt
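
Added example, not part of the message above and not FreeRADIUS or OpenSSL code: a small Python triage over eap_tls debug lines that decodes the version code in each "UNKNOWN TLS VERSION" line and records which OpenSSL state string preceded it, so that lines logged before the ClientHello has been processed can be told apart from later ones. The regexes are fitted to the three log lines quoted in the message, the `pre_negotiation` flag encodes the reply's hypothesis as an assumption, and request (2) in the sample is constructed.

```python
import re

# TLS wire version codes; the reply identifies 0x0304 as TLSv1.3.
TLS_VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
                0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

# Patterns fitted to the eap_tls debug lines quoted in the message.
STATE_RE = re.compile(r"^\((\d+)\)\s+eap_tls: TLS_accept: (.+)$")
UNKNOWN_RE = re.compile(
    r"^\((\d+)\)\s+eap_tls: (?:<<<|>>>) \w+ UNKNOWN TLS VERSION \?([0-9A-Fa-f]{4})\?")

SAMPLE_LOG = """\
(1) eap_tls: TLS_accept: before SSL initialization
(1) eap_tls: <<< recv UNKNOWN TLS VERSION ?0304? [length 0048]
(1) eap_tls: TLS_accept: SSLv3/TLS read client hello
(2) eap_tls: TLS_accept: SSLv3/TLS read client hello
(2) eap_tls: <<< recv UNKNOWN TLS VERSION ?0304? [length 0048]
"""  # request (1) is from the message; request (2) is constructed for contrast


def triage(log_text):
    """Return one finding per UNKNOWN TLS VERSION line, with handshake context."""
    last_state = {}  # request id -> most recent OpenSSL state string
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = STATE_RE.match(line)
        if m:
            last_state[m.group(1)] = m.group(2)
            continue
        m = UNKNOWN_RE.match(line)
        if not m:
            continue
        req, code = m.group(1), int(m.group(2), 16)
        state = last_state.get(req)
        findings.append({
            "request": req,
            "code": f"0x{code:04x}",
            "name": TLS_VERSIONS.get(code, "unrecognised"),
            "state_before": state,
            # Assumption taken from the reply: while the object is still in its
            # initial state, any version it reports is the initial value.
            "pre_negotiation": state == "before SSL initialization",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```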