EAP-FAST doesn't work with Cisco AP

Michael Reilly michaelr
Sun Jun 11 22:04:12 PDT 2006

I have been trying to get EAP-FAST to work with my Cisco AP-1100 (12.3(7)JA2 and
12.3(8)JA2 IOS versions on the AP).  Windows clients work fine with the AP.

wpa_supplicant 0.4.9 and openssl 0.9.8b patched with
openssl-tls-extensions.patch.  SSL fails and sends the AP an Alert code 47.  The
wpa_supplicant SSL part of the log is shown below.  I can provide additional
information as required.

Anyone aware of this problem and have a fix?



EAP-FAST: PAC-Key - hexdump(len=32): [REMOVED]
EAP-FAST: TLS pre-master-secret - hexdump(len=48): [REMOVED]
SSL: (where=0x4008 ret=0x22f)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:illegal parameter
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello B
OpenSSL: tls_connection_handshake - SSL_connect error:14092105:SSL
routines:SSL3_GET_SERVER_HELLO:wrong cipher returned
SSL: 7 bytes pending from ssl_out
SSL: Failed - tls_out available to report error
SSL: 7 bytes left to be sent out (of total 7 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE

---- ---- ----
Michael Reilly    michaelr at cisco.com
    Cisco Systems,  California

More information about the Hostap mailing list