[RADIATOR] EAP-TLS not getting client cert

Hartmaier Alexander alexander.hartmaier at t-systems.at
Mon Feb 1 11:28:06 CST 2016


Hi,
I'd say the client doesn't trust the radiator certificate and stops the
EAP conversation.

Best regards, Alex

On 2016-01-18 12:30, Christian Kratzer wrote:
> Hi Sami,
>
> On Mon, 18 Jan 2016, Sami Keski-Kasari wrote:
>> Hello Christian,
>>
>> Usually this kind of behaviour is due to MTU problems.
>> There can be differences between different vendors for example how they
>> do tunnelling and how it affects MTUs etc.
>>
>> Please try to adjust maximum TLS fragment size to see if it helps.
>>
>> Please see more at page 92
>> 5.21.39 EAPTLS_MaxFragmentSize
>> in ref.pdf.
> yes we already have that set to 500.
>
> Just for understanding: EAPTLS_MaxFragmentSize would only affect what radiator sends.  There is no way to limit the size of the fragments coming from the ap.
>
> The trace4 logs stop exactly at the point radiator has completed sending of its certificate to the client.
>
> I would assume that I would at least see the first of the packets with the client certificates.  If not this could perhaps also be an issue with the network dropping incoming udp fragments and the os never being able to reassemble incomplete packets.  I will have the customer check into that as well.
>
> Greetings
> Christian
>
>



*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
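
Added example, not part of the thread and not Radiator code: a small decoder for the EAP-TLS fragment flags (RFC 5216) that reports where a captured exchange stopped, which is the question the messages above are trying to answer from the trace4 log. It assumes the EAP packets are already available as raw bytes (the RADIUS EAP-Message value after reassembly); the function names and the sample trace are constructed for illustration.

```python
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_TLS = 1, 2, 13
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # RFC 5216 flags: Length, More, Start

def parse_eap_tls(pkt: bytes) -> dict:
    """Decode one EAP-TLS packet (the EAP-Message value after RADIUS reassembly)."""
    if len(pkt) < 6:
        raise ValueError("too short for an EAP-TLS header")
    code, ident, length, etype, flags = struct.unpack("!BBHBB", pkt[:6])
    if etype != EAP_TYPE_TLS or length != len(pkt):
        raise ValueError("not EAP-TLS, or EAP length does not match the buffer")
    off, total = 6, None
    if flags & FLAG_L:  # a 4-byte TLS Message Length precedes the TLS data
        if len(pkt) < 10:
            raise ValueError("L flag set but TLS Message Length missing")
        total, off = struct.unpack("!I", pkt[6:10])[0], 10
    return {"code": code, "id": ident, "start": bool(flags & FLAG_S),
            "more": bool(flags & FLAG_M), "total": total, "data_len": len(pkt) - off}

def where_did_it_stop(packets) -> str:
    """Validate every packet, then classify the last one seen in the exchange."""
    if not packets:
        return "no EAP-TLS packets captured"
    last = [parse_eap_tls(p) for p in packets][-1]
    sender, other = ("server", "peer") if last["code"] == EAP_REQUEST else ("peer", "server")
    if last["more"]:
        return f"{sender} fragment sent, no ack from {other}"
    if last["start"]:
        return "EAP-TLS Start sent, no response from peer"
    if last["data_len"] == 0:  # empty packet without flags is a fragment ack
        return f"{sender} ack sent, next {other} fragment missing"
    return f"{sender} flight complete, nothing further from {other}"

def build(code, ident, flags, data=b"", total=None):
    """Build a constructed sample packet (demo helper, not a capture)."""
    length_field = struct.pack("!I", total) if flags & FLAG_L else b""
    body = bytes([EAP_TYPE_TLS, flags]) + length_field + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed trace: a 1200-byte server flight in 500-byte fragments, then silence.
SAMPLE = [
    build(EAP_REQUEST, 1, FLAG_S), build(EAP_RESPONSE, 1, 0, b"\x16" * 100),
    build(EAP_REQUEST, 2, FLAG_L | FLAG_M, b"\x16" * 500, total=1200), build(EAP_RESPONSE, 2, 0),
    build(EAP_REQUEST, 3, FLAG_M, b"\x16" * 500), build(EAP_RESPONSE, 3, 0),
    build(EAP_REQUEST, 4, 0, b"\x16" * 200),
]
```

For the sample trace the result is "server flight complete, nothing further from peer", which fits both explanations raised in the thread (the client ending the conversation, or its response being lost in transit). Running the same check on a capture taken closer to the access point helps tell the two apart.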

