This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Extreme Control TLS Alert

Extreme Control TLS Alert

Go to solution
RobertD1
Contributor

‎05-15-2023 02:09 AM

Hello,

Rather than wasting time troubleshooting the below error I wondered if the Extreme Control Engine will reject older encryption protocols such as SSL V3.0?

Old Windows XP with 802.1x PEAP:

Event:

eap_peap: TLS Alert write:fatal:handshake failure eap_peap: Failed in __FUNCTION__ (SSL_read): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher eap_peap: System call (I/O) error (-1) eap_peap: TLS receive handshake failed during operation

Thanks,

Rob

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Robert_Haynes
Extreme Employee

‎05-15-2023 05:13 AM

Correct. Control will reject any SSLv3 based encipherment. It will also reject a core list of now defunct / legacy ciphers from older clients as listed in GTAC KB @ https://extremeportal.force.com/ExtrArticleDetail?an=000100637.

 

View solution in original post

6 REPLIES 6

Go to solution
Robert_Haynes
Extreme Employee
In response to Robert_Haynes

‎05-15-2023 05:15 AM

... take a trace of the PEAP connection to expose the ciphers the client is requesting and compare against what is set as seen in the NSJBoss.properties 'tomcat.ciphers' entry.

Go to solution
Ryan_Yacobucci
Extreme Employee

‎05-15-2023 05:12 AM

Hello Robert,

This is likely the case. 
https://extremeportal.force.com/ExtrArticleDetail?an=000066220

I will need to get this article modified. You can test the appliance property in the article, but I believe at this point these ciphers have been completely deprecated and are not available for use at all. 

Thanks
-Ryan

GTM-P2G8KFN