Security

last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

  • 1.  Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

    Posted 10 days ago
    Hello,

    Our client use EAP-GTC without validation of certificate against a local radius database in clearpass.

    But often we have this error message while client roam and disconnect the client :

    EAP-PEAP: fatal alert by server - unexpected_message
    TLS Handshake failed in SSL_read with error:1408E0F4:SSL routines:ssl3_get_message:unexpected message
    eap-tls: Error in establishing TLS session

    Do you know what does it mean ?

    Regards,


  • 2.  RE: Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

    Posted 10 days ago
    Hello,
    Our client dosen't suport fast roaming, it is possible that the fast roaming and session resumption enabled in authentication methode eap-peap in clearpass cause this problem ?
    Regards,





  • 3.  RE: Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

    Posted 6 days ago
    You may try to disable session-resumption and see if that fixes the issue. The specific code error:1408E0F4 seems to relate to a cipher mismatch between the client and ClearPass, and I see quite some references to the TLS 1.2 version and it may be that the client is trying to perform TLS1.0 or TLS1.1.

    You might check in ClearPass under the Cluster-Wide Parameters, General, if these TLS1.0 and TLS1.1 are disabled for Network or All; and if it is, if you enable it if the issue disappears. Note that if that resolves the issue, you might consider upgrading the client.

    If the issue resists, consider opening a support case at Aruba Support TAC through your Aruba partner or direct if you have access.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 4.  RE: Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

    Posted 2 days ago
    Hello Herman,
    I've opned a support case, they said that is due to a corrupted packet or packet missed..
    We don't have any issue like that in our environnement, and also the problem is happening for all our site not only one.
    Regards Brahim,

    ------------------------------
    brahim abdelouahab
    ------------------------------