Print Page - Freeradius TLS max version 1.3 broke EAP-TLS

Title: Freeradius TLS max version 1.3 broke EAP-TLS
Post by: jeekee on February 05, 2026, 07:20:50 PM

Hi guys,

Upgrade to 26.1 today and noticed my freeradius EAP-TLS was broken, got all kind of messages about fragmentation issues:

eap_tls: WARNING: (TLS) EAP Total received fragments (1266 bytes), exceeds total data length (1496 bytes)
• ... does not equal expected expected data length (0 bytes)

Fix is setting TLS max version to 1.2.

Is this a known issue, or did I do something wrong earlier and uncovered it after the update to 26.1

Thanks J

Title: Re: Freeradius TLS max version 1.3 broke EAP-TLS
Post by: franco on February 05, 2026, 07:32:58 PM

No that's right that's why the max setting was added too. Unfortunately the default was bumped to TLSv1.3 which didn't work for that particular use case.

Cheers,
Franco

Title: Re: Freeradius TLS max version 1.3 broke EAP-TLS
Post by: jeekee on February 06, 2026, 11:35:54 AM

Aah explains it. Thanks for the reply!

OPNsense Forum

English Forums => 26.1 Series => Topic started by: jeekee on February 05, 2026, 07:20:50 PM