solved, "Alert (Level: Fatal, Description: Unexpected Message)"

Jouni Malinen j
Sat Mar 6 00:00:12 PST 2010

On Wed, Feb 24, 2010 at 11:03:34AM +0100, Patrick Cervicek wrote:

> I had a problem using wpasupplicant with EAP-TLS and a Radiusserver 
> (vendor unknown).
> After a "Client Hello" the Server always answered with
>    "Alert (Level: Fatal, Description: Unexpected Message)"
> The Solution was to recompile openssl without "enable-tlsext". (Maybe 
> there are better options?)

Well.. In theory, the best option would be to fix the server to be
compliant with TLS.. ;-)  Assuming that that won't happen so easily, it
should also be possible for wpa_supplicant disable use of TLS extensions
without having to recompile OpenSSL. I've considered doing this by
default as a workaround against broken servers, but haven't seen enough
reports to indicate that this would be that common issue so far.

If a commonly used RADIUS server is identified, I could at least provide
a configuration option to do this. Though, this is not really something
I would like to require users to be aware of.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list