[openssl-users] SSL routines:ssl3_read_bytes:tlsv1 alert internal error

Matt Caswell matt at openssl.org
Fri Sep 28 10:31:22 UTC 2018

On 28/09/18 07:06, DUPALUT, Benjamin wrote:
> Hello,
> First of all, sorry if my english isn't very good.
> I'm using freeradius server to authenticate users on Eduroam Wi-Fi. I
> set up a local certification authority et signed the freeradius server
> certificate using openssl.
> Users  got the CA certfificate via the Configuration Assistant Tool for
> Eduroam but it fails at the TLS session :
> eap_peap: Peer indicated complete TLS record size will be 7 bytes
> eap_peap: Got complete TLS record (7 bytes)
> eap_peap: [eaptls verify] = length included
> eap_peap: <<< recv TLS 1.2  [length 0002] 
> eap_peap: ERROR: TLS Alert read:fatal:internal error
> eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
> eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094438:SSL
> routines:ssl3_read_bytes:tlsv1 alert internal error

This error actually comes from the peer. The peer has sent an internal
error alert to your server, which then causes your server to abort the
connection. So the question is why does the peer send the internal error
alert? Can any logging be obtained from that side of the connection?


> eap_peap: ERROR: System call (I/O) error (-1)
> eap_peap: ERROR: TLS receive handshake failed during operation
> eap_peap: ERROR: [eaptls process] = fail
> eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
> Does anyone knows where the problem come from ?
> Thanks in advance for your help.
> Benjamin Dupalut

More information about the openssl-users mailing list