Turns out I forgot to set the Elliptic Curve to secp384r1, which is needed to be fully compliant with WAP3 192 bit mode.
My 24H2 devices can authenticate after that change.
My 24H2 devices can authenticate after that change.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Show posts Menu(1) eap: Peer sent packet with method EAP TLS (13)
(1) eap: Calling submodule eap_tls to process data
(1) eap_tls: (TLS) EAP Peer says that the final record size will be 282 bytes
(1) eap_tls: (TLS) EAP Got all data (282 bytes)
(1) eap_tls: (TLS) TLS - Handshake state - before SSL initialization
(1) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(1) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(1) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello
(1) eap_tls: (TLS) TLS - send TLS 1.2 Alert, fatal handshake_failure
(1) eap_tls: ERROR: (TLS) TLS - Alert write:fatal:handshake failure
(1) eap_tls: ERROR: (TLS) TLS - Server : Error in error
(1) eap_tls: ERROR: (TLS) Failed reading from OpenSSL: error:0A0000C1:SSL routines::no shared cipher
(1) eap_tls: ERROR: (TLS) System call (I/O) error (-1)
(1) eap_tls: ERROR: (TLS) EAP Receive handshake failed during operation
(1) eap_tls: ERROR: [eaptls process] = fail
(1) eap: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module failed
(1) eap: Sending EAP Failure (code 4) ID 116 length 4
(1) eap: Failed in EAP select
(1) eap_tls: (TLS) EAP Peer says that the final record size will be 282 bytes
(1) eap_tls: (TLS) EAP Got all data (282 bytes)
(1) eap_tls: (TLS) TLS - Handshake state - before SSL initialization
(1) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(1) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(1) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello
(1) eap_tls: (TLS) TLS - send TLS 1.3 Alert, fatal handshake_failure
(1) eap_tls: ERROR: (TLS) TLS - Alert write:fatal:handshake failure
(1) eap_tls: ERROR: (TLS) TLS - Server : Error in error
(1) eap_tls: ERROR: (TLS) Failed reading from OpenSSL: error:0A000065:SSL routines::no suitable key share
(1) eap_tls: ERROR: (TLS) System call (I/O) error (-1)
(1) eap_tls: ERROR: (TLS) EAP Receive handshake failed during operation
(1) eap_tls: ERROR: [eaptls process] = fail
(1) eap: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module failed
(1) eap: Sending EAP Failure (code 4) ID 89 length 4
(1) eap: Failed in EAP select
(15) eap: Calling submodule eap_tls to process data
(15) eap_tls: (TLS) EAP Peer says that the final record size will be 223 bytes
(15) eap_tls: (TLS) EAP Got all data (223 bytes)
(15) eap_tls: (TLS) TLS - Handshake state - before SSL initialization
(15) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(15) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(15) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello
(15) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client hello
(15) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerHello
(15) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server hello
(15) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, Certificate
(15) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write certificate
(15) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange
(15) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write key exchange
(15) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, CertificateRequest
(15) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write certificate request
(15) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone
(15) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server done
(15) eap_tls: (TLS) TLS - Server : Need to read more data: SSLv3/TLS write server done
(15) eap_tls: (TLS) TLS - In Handshake Phase
...
(23) Restoring &session-state
(23) &session-state:Framed-MTU = 994
(23) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(23) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(23) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(23) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(23) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(23) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(23) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Certificate"
(23) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange"
(23) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify"
(23) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Finished"
(23) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 ChangeCipherSpec"
(23) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Finished"
(23) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(23) &session-state:TLS-Session-Version = "TLS 1.2"
eap_tls: ERROR: (TLS) TLS - Alert write:fatal:handshake failure
eap_tls: ERROR: (TLS) TLS - Server : Error in error
Login incorrect (eap_tls: (TLS) TLS - Alert write:fatal:handshake failure): [radiusdebug/<via Auth-Type = eap>] (from client u6mesh port 3)