Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

  • 1.  Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

    Posted Jan 14, 2021 04:18 AM
    Hello,

    Our client uses EAP-GTC without validation of certificate against a local RADIUS database in ClearPass.

    But often we have this error message while the client roams, and it disconnects the client:

    EAP-PEAP: fatal alert by server - unexpected_message
    TLS Handshake failed in SSL_read with error:1408E0F4:SSL routines:ssl3_get_message:unexpected message
    eap-tls: Error in establishing TLS session

    Do you know what it means?

    Regards,


  • 2.  RE: Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

    Posted Jan 14, 2021 06:16 AM
    Hello,
    Our client doesn't support fast roaming. Is it possible that the fast roaming and session resumption enabled in the EAP-PEAP authentication method in ClearPass cause this problem?
    Regards,





  • 3.  RE: Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

    EMPLOYEE
    Posted Jan 18, 2021 04:25 AM
    You may try to disable session-resumption and see if that fixes the issue. The specific code error:1408E0F4 seems to relate to a cipher mismatch between the client and ClearPass, and I see quite some references to the TLS 1.2 version and it may be that the client is trying to perform TLS1.0 or TLS1.1.

    You might check in ClearPass, under the Cluster-Wide Parameters, General, whether TLS1.0 and TLS1.1 are disabled for Network or All; and if they are, whether the issue disappears when you enable them. Note that if that resolves the issue, you might consider upgrading the client.

    If the issue persists, consider opening a support case at Aruba Support TAC through your Aruba partner or direct if you have access.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 4.  RE: Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

    Posted Jan 22, 2021 08:45 AM
    Hello Herman,
    I've opened a support case; they said that it is due to a corrupted packet or a missed packet.
    We don't have any issue like that in our environment, and also the problem is happening for all our sites, not only one.
    Regards Brahim,

    ------------------------------
    brahim abdelouahab
    ------------------------------



  • 5.  RE: Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

    Posted Jan 16, 2024 10:48 AM

    Did you finally manage to solve it? 

    I get the message TLS Handshake failed in SSL_read with error:141A20F4:SSL when doing a CoA to Ricoh printers.




  • 6.  RE: Clearpass returning error code : TLS Handshake failed in SSL_read with error:1408E0F4

    EMPLOYEE
    Posted Feb 07, 2024 09:47 AM

    Can you share the full message in its context? It seems very unlikely that CoA results in an SSL error as there is no SSL involved in CoA.

    Could it be that your Ricoh printer attempts to do 802.1X authentication (PEAP/EAP-TLS), but with an unsupported SSL version or unsupported ciphers?

    Working with your Aruba partner or Aruba support may help to get the proper analysis or troubleshooting done.



    ------------------------------
    Herman Robers
    ------------------------
    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
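
The following is an added example, not part of any post in this thread. It unpacks the two error codes quoted above (1408E0F4 and 141A20F4) into their library, function and reason fields, assuming the pre-3.0 OpenSSL packing of 8/12/12 bits. The names `decode`, `scan` and `SAMPLE` belong to the example, and the reason table is a small subset taken from widely reported OpenSSL error strings.

```python
import re

# Assumption: OpenSSL 1.0.x/1.1.x packing, lib(8 bits) | func(12 bits) | reason(12 bits).
# OpenSSL 3.x packs errors differently, so this decoder does not apply there.
ERR_LIB_SSL = 0x14

# Subset of SSL reason codes, as seen in widely reported OpenSSL error strings.
SSL_REASONS = {
    0x0C1: "no shared cipher",
    0x0F4: "unexpected message",
    0x0FC: "unknown protocol",
    0x102: "unsupported protocol",
    0x10B: "wrong version number",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8})\b")

def decode(code_hex):
    """Split a packed error code into library, function and reason numbers."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    if lib != ERR_LIB_SSL:
        text = "not an SSL-library error"
    else:
        text = SSL_REASONS.get(reason, "reason not in table")
    return {"lib": lib, "func": func, "reason": reason, "text": text}

def scan(lines):
    """Return (code, decoded) for every packed error code found in log lines."""
    return [(m.group(1).upper(), decode(m.group(1)))
            for line in lines for m in ERR_RE.finditer(line)]

# First two lines are the messages quoted in the thread; the third is a
# constructed comparison line showing what a cipher mismatch looks like.
SAMPLE = [
    "TLS Handshake failed in SSL_read with error:1408E0F4:SSL routines:ssl3_get_message:unexpected message",
    "TLS Handshake failed in SSL_read with error:141A20F4:SSL",
    "TLS Handshake failed in SSL_read with error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher",
]

if __name__ == "__main__":
    for code, d in scan(SAMPLE):
        print(f"{code}: lib=0x{d['lib']:02X} func={d['func']} reason={d['reason']} ({d['text']})")
```

Both codes from the thread decode to the same reason field (0x0F4) and differ only in the function field, which identifies where in the handshake code the error was raised.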