New Contributor

PEAP or EAP-TLS Server Certificate Validation error on EAP transaction

CPPM 6.6.5.93247

When trying to configure PEAP-MSCHAPv2 or EAP-TLS I cannot get a successful authentication when I disable TLS 1.0 in the cluster-wide settings. Upon further investigation it appears clients (both Mac and Windows) initiate the server certificate validation (part of EAP) with TLS 1.0; with this disabled in ClearPass the request eventually times out. I did find the following registry hack from Microsoft that will fix Windows boxes (https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1.1-and-tls-1.2-as-a-default-secure-protocols-in-winhttp-in-windows) but there is no fix for Mac (that I am aware of). Am I the only one disabling TLS 1.0?

Moderator

Re: PEAP or EAP-TLS Server Certificate Validation error on EAP transaction

What is the error on the alerts tab in Access Tracker?


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

New Contributor

Re: PEAP or EAP-TLS Server Certificate Validation error on EAP transaction

TLS Handshake failed in SSL_read with error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
eap-tls: Error in establishing TLS session

MVP Expert

Re: PEAP or EAP-TLS Server Certificate Validation error on EAP transaction

Hi,

From the 6.6.x version, TLSv1 will be in a disabled state by default; whether to use this version or not depends on the customer.

If you have any legacy devices, they will use TLSv1 during authentication negotiation; it is device specific. We need to allow TLSv1 in CPPM for authentication to work if devices are looking for TLSv1.

Regards,

Pavan


Pavan Arshewar | ACCP

If my post addresses your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

New Contributor

Re: PEAP or EAP-TLS Server Certificate Validation error on EAP transaction

Pavan,

Thanks for the information. Since I am configuring CPPM to disable TLS 1.0, does that mean it will not negotiate with the client? What is the release/lifecycle information for 6.3 and 6.6.x?

THX!

Moderator

Re: PEAP or EAP-TLS Server Certificate Validation error on EAP transaction

macOS requires TLS 1.0 to be enabled for EAP.

| Aruba Alumni | @timcappalli | timcappalli.me |

New Contributor

Re: PEAP or EAP-TLS Server Certificate Validation error on EAP transaction

Tim,

Are there any documents I can reference for that information?

Moderator

Re: PEAP or EAP-TLS Server Certificate Validation error on EAP transaction

Ha. It's Apple. 😉

Nothing that I know of.

| Aruba Alumni | @timcappalli | timcappalli.me |
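
To check what a supplicant actually offers before disabling TLS 1.0 on the server, the ClientHello inside the EAP payload can be read from a packet capture. The sketch below is an added example, not part of the thread or of ClearPass: the function names are hypothetical, the input packets are constructed, and it assumes the whole ClientHello sits in one unfragmented EAP-TLS or PEAP packet.

```python
import struct

TLS_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def build_sample_eap(client_version, supported=()):
    """Constructed test input: EAP-Response/EAP-TLS holding a minimal ClientHello."""
    vers = b"".join(struct.pack("!H", v) for v in supported)
    ext = struct.pack("!HHB", 43, len(vers) + 1, len(vers)) + vers if vers else b""
    body = (struct.pack("!H", client_version) + bytes(32) + b"\x00"  # version, random, empty session_id
            + struct.pack("!HH", 2, 0x002F) + b"\x01\x00"            # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body               # handshake type 1 = ClientHello
    rec = struct.pack("!BHH", 22, 0x0301, len(hs)) + hs              # record type 22 = handshake
    data = struct.pack("!BI", 0x80, len(rec)) + rec                  # L flag + TLS message length
    return struct.pack("!BBHB", 2, 1, 5 + len(data), 13) + data      # code 2 = Response, type 13 = EAP-TLS

def max_offered_version(eap):
    """Highest TLS version the supplicant offers in the ClientHello of one EAP packet."""
    _code, _ident, length, eap_type = struct.unpack("!BBHB", eap[:5])
    if eap_type not in (13, 25):                      # 13 = EAP-TLS, 25 = PEAP
        raise ValueError("not an EAP-TLS or PEAP packet")
    pos = 10 if eap[5] & 0x80 else 6                  # L flag adds a 4-byte length field
    if eap[pos] != 22 or eap[pos + 5] != 1:
        raise ValueError("payload does not start with a ClientHello")
    p = pos + 9                                       # skip record (5) and handshake (4) headers
    offered = {struct.unpack("!H", eap[p:p + 2])[0]}  # client_version (legacy_version in TLS 1.3)
    p += 34                                           # client_version + 32-byte random
    p += 1 + eap[p]                                   # session_id
    p += 2 + struct.unpack("!H", eap[p:p + 2])[0]     # cipher_suites
    p += 1 + eap[p]                                   # compression_methods
    if p + 2 <= length:                               # extensions block present
        end = min(length, p + 2 + struct.unpack("!H", eap[p:p + 2])[0])
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", eap[p:p + 4])
            if etype == 43:                           # supported_versions overrides client_version
                n = eap[p + 4]
                offered = {struct.unpack("!H", eap[p + 5 + i:p + 7 + i])[0] for i in range(0, n, 2)}
            p += 4 + elen
    known = [v for v in offered if v in TLS_NAMES]    # drops GREASE and unknown values
    if not known:
        raise ValueError("no recognised TLS version offered")
    return max(known)

def needs_tls10(eap):
    """True when the supplicant cannot negotiate anything above TLS 1.0."""
    return max_offered_version(eap) == 0x0301

if __name__ == "__main__":
    for pkt in (build_sample_eap(0x0301), build_sample_eap(0x0303, (0x0304, 0x0303))):
        print(TLS_NAMES[max_offered_version(pkt)], "needs TLS 1.0:", needs_tls10(pkt))
```

A supplicant for which `needs_tls10` returns True will fail once TLS 1.0 is disabled on the authentication server, so it has to be updated or reconfigured first.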
