> From: owner-openssl-us...@openssl.org On Behalf Of Carroll, Diana C
> Sent: Tuesday, 15 June, 2010 19:36
>
> I have a scenario where a certificate was generated using a
> 2048-bit key, and was signed by a CA using a 1024-bit key.
> The certificate is verified "OK" by OpenSSL, however when
> attempting a TLS or TTLS authentication the server fails with
> the following debug output:
>
> Debug output (FreeRADIUS version 2.1.8.)
> Error: TLS_accept:failed in SSLv3 read client certificate A
> Error: rlm_eap: SSL error error:14094438:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert internal error
> Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.
>

The *client* says *it* failed. Did/can you get any error or log information from the client? Do/can you (re)create the problem with a known client? Can you try openssl s_client using the same client key & cert, or if that's unavailable a similar one? (s_client probably won't be able to do RADIUS stuff, but it should connect.)

> The same error sequence occurs regardless of whether we use
> TLS or TTLS.
>

I don't know EAP-TTLS myself, but according to Wikipedia it "can but does not have to" use (TLS) client authentication. (Distinct from the app/user auth that is the point of EAP.) Do you? That may be important, because it is exactly at the client auth step (client cert) that you're failing.

> I'm wondering if the mismatched certificate sizes could be a
> problem, and whether anyone else has seen this?
> When using a different set of certificates, but an otherwise
> unchanged server configuration, authentication is successful.
>

There should be no technical problem signing a child cert with a different key length, or algorithm. It's even fairly common for a child cert to have a smaller/weaker key than the CA. It's somewhat silly for the child to be larger/stronger, because you get no benefit: your authentication could be compromised (about) as effectively by breaking *either* level. But at least for a few years yet, the difference between 1k and 2k discrete (i.e. RSA or DSA, not ECDSA) is only theoretical. And you could be ready for multiple or future CAs, some of which are stronger.
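The checks suggested in the reply above, as an added example that is not from the thread or from the OpenSSL/FreeRADIUS projects: report the key size on each end of the chain, run `openssl verify` the way the poster did, and rehearse the client-cert handshake with `openssl s_client`. All file names, and the host/port of the TLS listener (assumed to be a plain TLS endpoint such as `openssl s_server -Verify 1` configured with the RADIUS server's own cert, since s_client cannot speak EAP inside RADIUS), are assumptions.

```shell
#!/bin/sh
# Added example: inspect a client cert / CA pair and rehearse TLS client auth.
set -u

# Print the public-key size in bits of the first certificate in a PEM file,
# parsed from the "Public-Key: (N bit)" line of `openssl x509 -text`.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Show both key sizes side by side and verify the client cert against the CA.
# Exit status is that of `openssl verify` (0 = chain OK), so a 2048-bit leaf
# under a 1024-bit CA is accepted here just as the poster observed.
check_chain() {
    client=$1; ca=$2
    echo "client key: $(cert_key_bits "$client") bit, CA key: $(cert_key_bits "$ca") bit"
    openssl verify -CAfile "$ca" "$client"
}

# Drive one TLS handshake that presents the client cert and key, the step at
# which the FreeRADIUS log above fails ("read client certificate A").
# Prints the verify result and any alert/error lines; returns s_client's
# status (non-zero when the handshake itself fails).
probe_handshake() {
    host=$1; port=$2; client=$3; key=$4; ca=$5
    out=$(openssl s_client -connect "$host:$port" -cert "$client" -key "$key" \
              -CAfile "$ca" </dev/null 2>&1)
    status=$?
    printf '%s\n' "$out" | grep -E 'Verify return code|alert|error:' || true
    return $status
}

# Assumed usage (hypothetical file names and listener):
#   check_chain client.pem ca.pem
#   probe_handshake radius-test.example.internal 4433 client.pem client.key ca.pem
```

If `check_chain` reports OK but `probe_handshake` ends with an alert, the problem is in the handshake (what the client sends or what the server accepts), not in the chain itself, which is the distinction the reply draws.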