I was also wondering how we tell radsecproxy to only use TLS 1.2.

A

On Wed, 27 Nov 2019 at 13:59, Marc Sauer <m.sauer@khm.de> wrote:
Hello,

I'm currently setting up our radsecproxy for the use with Eduroam. The
TLS connection seems to be not possible though.

When I try to start the daemon, I get the following error in the log file:

sslreadtimeout: SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1
alert unknown ca

My certificate is definitely valid and I've configured the right
certificate chain.

When I try to connect to the federation radius server (by DFN here in
Germany) manually with openssl s_client it works, but only using TLS
1.0, TLS 1.1 and TLS 1.2. It does not work with TLS 1.3.

Any idea why this is happening? So the real problem is: It works with
all other TLS versions, but not 1.3. Is there a way to force OpenSSL lib
to use only 1.2 somehow?

Thank you in advance to you all.

Marc Sauer

--
Marc Sauer
Linux Systems Administrator

Kunsthochschule für Medien Köln/
Academy of Media Arts Cologne
Peter-Welter-Platz 2
50676 Köln

https://www.khm.de
https://en.khm.de

_______________________________________________
radsecproxy mailing list
radsecproxy@lists.nordu.net
https://lists.nordu.net/listinfo/radsecproxy