cancel
Showing results for 
Search instead for 
Did you mean: 

Extreme Control TLS Alert

Extreme Control TLS Alert

RobertD1
Contributor II

Hello,

Rather than wasting time troubleshooting the below error I wondered if the Extreme Control Engine will reject older encryption protocols such as SSL V3.0?

Old Windows XP with 802.1x PEAP:

Event:

eap_peap: TLS Alert write:fatal:handshake failure eap_peap: Failed in __FUNCTION__ (SSL_read): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher eap_peap: System call (I/O) error (-1) eap_peap: TLS receive handshake failed during operation

Thanks,

Rob

1 ACCEPTED SOLUTION

Robert_Haynes
Extreme Employee

Correct. Control will reject any SSLv3 based encipherment. It will also reject a core list of now defunct / legacy ciphers from older clients as listed in GTAC KB @ https://extremeportal.force.com/ExtrArticleDetail?an=000100637.

 

View solution in original post

6 REPLIES 6

... take a trace of the PEAP connection to expose the ciphers the client is requesting and compare against what is set as seen in the NSJBoss.properties 'tomcat.ciphers' entry.

Ryan_Yacobucci
Extreme Employee

Hello Robert,

This is likely the case. 
https://extremeportal.force.com/ExtrArticleDetail?an=000066220

I will need to get this article modified. You can test the appliance property in the article, but I believe at this point these ciphers have been completely deprecated and are not available for use at all. 

Thanks
-Ryan

GTM-P2G8KFN