OpenSSL reports wrong TLS version to FreeRADIUS

Matt Caswell matt at
Tue Mar 3 14:44:06 UTC 2020

On 03/03/2020 12:51, iilinasi wrote:
> Alfred, I'd like to say "thanks" once more.
> I tried with newer ciphers and version 1.2 - and now freeradius (3.0.16)
> indeed sends me the second "challenge". So, it's a huge progress.
> However it still complains on the unknown TLS version. I attach the
> server log and the packet capture, just in case.

This is the interesting part from the server log.

(1) eap_tls: TLS_accept: before SSL initialization
(1) eap_tls: <<< recv UNKNOWN TLS VERSION ?0304? [length 0048]
(1) eap_tls: TLS_accept: SSLv3/TLS read client hello

The "before SSL initialization" and the "SSLv3/TLS read client hello"
strings are generated by OpenSSL. They are the return values from a call
to the function SSL_state_string_long() and are intended to give a human
readable output of what state the SSL object is in and where in the
handshake process it has got to.

Interestingly the "UNKNOWN TLS VERSION" message appears between the
"before" state and the "read client hello" state. The latter will be
returned after the SSL object has gone through its initial setup but
before or during the processing of a ClientHello received from the
client. The TLS protocol version that server will use is chosen during
the processing of that ClientHello. Depending on exactly at what point
we're at it is possible that a call to SSL_version() will return either
the selected version or (if we haven't got as far as selecting a version
yet), the version that the SSL object was initialised with.

New SSL objects created using TLS_method(), or TLS_server_method() will
have their version initialised to TLS_MAX_VERSION. In OpenSSL 1.1.1
TLS_MAX_VERSION is 0x0304 (TLSv1.3).

The string "UNKNOWN TLS VERSION" does not appear in libssl at all. So my
guess is that this warning is actually coming from eap_tls after it has
made a call to SSL_version(). Since the version has not actually been
negotiated yet it comes back with TLSv1.3, and eap_tls doesn't know how
to handle it.

Is this actually an error? Or just a warning?


More information about the openssl-users mailing list