(RADIATOR) SSL3_GET_CLIENT_HELLO:no shared cipher

McGrath, Thomas J. Thomas.McGrath at fccc.edu
Wed Feb 4 15:31:27 CST 2004 

All @ Radiator;

	I was attempting to replace the test certifcate with a valid SSL
certificate and ran into a small problem.   Fortunately, I backed up the
certificate files and put them back in the correct locations.   After doing
so, my Radiator is now giving a very strange error:
"SSL3_GET_CLIENT_HELLO:no shared cipher".   A copy of the log is as follows:

*** --- *** LOGFILE *** --- ***
Wed Feb  4 15:57:35 2004: DEBUG: Handling request with Handler 'Wi
reless
Wed Feb  4 15:57:35 2004: DEBUG:  Deleting session for testuser,
10.10.10.10,
503
Wed Feb  4 15:57:35 2004: DEBUG: Handling with Radius::AuthLDAP2:
Wed Feb  4 15:57:35 2004: DEBUG: Handling with EAP: code 2, 3, 100
Wed Feb  4 15:57:35 2004: DEBUG: Response type 21
Wed Feb  4 15:57:35 2004: DEBUG: EAP TLS SSL_accept result: -1, 1, 8466
Wed Feb  4 15:57:35 2004: ERR: EAP TLS error: -1, 1, 8466,  18841: 1 -
error:140
8A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Wed Feb  4 15:57:35 2004: INFO: Access rejected for testuser: EAP TLS error
Wed Feb  4 15:57:35 2004: DEBUG: Packet dump:
*** Sending to 10.10.10.10 port 21658 ....
Code:       Access-Reject
Identifier: 3
*** --- *** LOGFILE *** --- *** END

The PEM files all appear to be exactly as they were before.   I also granted
all users full read/write access just to rule out a user access problem.
Does anyone have a suggestion?   Things did work prior to moving files out
then back in again.

Below is a copy of my cfg:
*** --- *** CFG *** --- ***
<Handler=Wireless>
        <AuthBy LDAP2>
                EAPType TTLS
                EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
                EAPTLS_CertificateFile %D/certificates/cert-srv.pem
                EAPTLS_CertificateType PEM
                EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
                EPTLS_PrivateKeyPassword whatever
                EAPTLS_MaxFragmentSize 1024
                AutoMPPEKeys Yes
                AddToReply MS-MPPE-Encryption-Policy = 2,
MS-MPPE-Encryption-Typ
es = 2
                        DefaultSimultaneousUse 1
        </AuthBy>
</Handler>
*** --- *** CFG *** --- *** END


Tom McGrath	


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list