Code: Alles auswählen
[RADIUS-Server] 2026/01/24 20:00:44,849 Devicetime: 2026/01/24 20:00:45,083
Received RADIUS Authentication Request request 101 from client X:
-->client matches static IPv4 table entry X
-->known attributes of request:
.......
EAP-Message:
(232 bytes)
-->EAP Header
EAP Packet Code : Response
EAP Packet Id : 2
EAP Packet Len : 232
EAP Packet Type : TLS
--> EAP/TLS Packet
TLS Flags :
--> SSL/TLS Record
Record Content Type : Handshake
Record Length : 221
Protocol Version : TLSv1
Handshake Msg Type : Client Hello
Message Length : 217
-->SSL/TLS Client Hello
Protocol Version : TLSv1.2
Client Random : 44 19 6b bc 4c f1 97 f2 D.k.L...
9d 99 68 cf 61 8d 31 a2 ..h.a.1.
ed d3 e4 da 9b 99 b9 c4 ........
30 f6 11 b9 f9 9c 3c 6d 0.....<m
Session ID : 77 a5 05 d8 1a 80 61 b6 w.....a.
a7 31 56 6c 94 92 1a 96 .1Vl....
08 16 4e 59 31 8f c8 0c ..NY1...
9e 30 e6 16 cb 54 6b 45 .0...TkE
Cipher Suites : TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Compression Methods : NULL
Ext. Master Secret :
Reneg. Info :
Supported Groups : ecdh_x25519
secp256r1
secp384r1
EC-Point Formats : uncompressed
Sign. Algorithms : ecdsa_secp256r1_sha256
rsa_pss_rsae_sha256
rsa_pkcs1_sha256
ecdsa_secp384r1_sha384
rsa_pss_rsae_sha384
rsa_pkcs1_sha384
rsa_pss_rsae_sha512
rsa_pkcs1_sha512
rsa_pkcs1_sha1
Keyshare :
ecdh_x25519 : 34 be 47 84 bd 2f bc 69 4.G../.i
1f 4b 64 b0 bf 92 77 e7 .Kd...w.
04 4b f1 a1 62 4b 12 ce .K..bK..
65 97 6d da 60 9e 22 26 e.m.`."&
PSK Exchange Modes : psk_dhe_ke
Supp. Versions : TLSv1.3
TLSv1.2
Mobility-Domain-Id : 55370
WLAN-Pairwise-Cipher: TGI-CSE-CCMP128
WLAN-Group-Cipher : TGI-CSE-CCMP128
WLAN-AKM-Suite : TGI-AUTHSE-8021X-FT
WLAN-Group-Mgmt-Cipher: TGI-CSE-BIPCMAC128
WLAN-RF-Band : 2.4-GHz
-->user name contains no realm, using empty realm
-->realm of user is ''
-->authenticating locally
-->found user 'sirius.ofc.digitx.de' in database(s)
-->authenticating via EAP
-->queueing request for later response
Code: Alles auswählen
[TLS] 2026/01/24 20:00:44,849 Devicetime: 2026/01/24 20:00:45,084
Receiving Client Hello on connection 184684:
-> parsing TLS extensions
-> protocol version is TLSv1.2
-> selected x25519 as named group
-> enable extended master secret usage
-> created new session id
-> select cipher:
-> check cipher TLS_AES_128_GCM_SHA256
-> not allowed for selected protocol version
-> check cipher TLS_AES_256_GCM_SHA384
-> not allowed for selected protocol version
-> check cipher TLS_CHACHA20_POLY1305_SHA256
-> encryption algorithm disallowed by config
-> check cipher TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-> server key type mismatch
-> check cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-> PFS suite or no PFS preference, selection done
-> selected cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-> selected signature scheme is rsa_pkcs1_sha256
-> selected elliptic curve is x25519
-> selected elliptic curve point format is uncompressed
-> client supports secure renegotiation (by extension), enable it
-> all fine, ready to send Server Hello
Code: Alles auswählen
[RADIUS-Server] 2026/01/24 19:55:30,484 Devicetime: 2026/01/24 19:55:30,710
Received RADIUS Authentication Request request 93 from client X:
-->client matches static IPv4 table entry X
-->known attributes of request:
.......
EAP-Message:
(203 bytes)
-->EAP Header
EAP Packet Code : Response
EAP Packet Id : 2
EAP Packet Len : 203
EAP Packet Type : TLS
--> EAP/TLS Packet
TLS Flags :
--> SSL/TLS Record
Record Content Type : Handshake
Record Length : 192
Protocol Version : TLSv1
Handshake Msg Type : Client Hello
Message Length : 188
-->SSL/TLS Client Hello
Protocol Version : TLSv1.2
Client Random : b3 0c 54 b6 6f 0b 7d 1c ..T.o.}.
69 ab a0 42 f6 77 69 34 i..B.wi4
d1 47 11 2f e2 0c 7e 05 .G./..~.
d6 ca bd e7 5a 53 5a 3e ....ZSZ>
Cipher Suites : TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
Compression Methods : NULL
Reneg. Info :
EC-Point Formats : uncompressed
Supported Groups : ecdh_x25519
secp256r1
ecdh_x448
secp384r1
secp521r1
Encrypt-Then-MAC :
Ext. Master Secret :
Sign. Algorithms : 0x0905
0x0906
0x0904
ecdsa_secp256r1_sha256
ecdsa_secp384r1_sha384
ecdsa_secp521r1_sha384
ed25519
ed448
0x081a
0x081b
0x081c
rsa_pss_pss_sha256
rsa_pss_pss_sha384
rsa_pss_pss_sha512
rsa_pss_rsae_sha256
rsa_pss_rsae_sha384
rsa_pss_rsae_sha512
rsa_pkcs1_sha256
rsa_pkcs1_sha384
rsa_pkcs1_sha512
ecdsa_sha224
rsa_pkcs1_sha224
dsa_sha224
dsa_sha256
dsa_sha384
dsa_sha512
WLAN-Pairwise-Cipher: TGI-CSE-CCMP128
WLAN-Group-Cipher : TGI-CSE-CCMP128
WLAN-AKM-Suite : TGI-AUTHSE-8021X-SHA256
WLAN-Group-Mgmt-Cipher: TGI-CSE-BIPCMAC128
WLAN-RF-Band : 2.4-GHz
-->user name contains no realm, using empty realm
-->realm of user is ''
-->authenticating locally
-->found user 'skye.ofc.digitx.de' in database(s)
-->authenticating via EAP
-->queueing request for later response
Code: Alles auswählen
[TLS] 2026/01/24 19:55:30,486 Devicetime: 2026/01/24 19:55:30,711
Receiving Client Hello on connection 184667:
-> parsing TLS extensions
-> protocol version is TLSv1.2
-> selected secp521r1 as named group
-> enable extended master secret usage
-> created new session id
-> select cipher:
-> check cipher TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-> server key type mismatch
-> check cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-> no fitting signature/hash algorithm
-> check cipher TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
-> no fitting signature/hash algorithm
-> check cipher TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-> server key type mismatch
-> check cipher TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-> encryption algorithm disallowed by config
-> check cipher TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-> encryption algorithm disallowed by config
-> check cipher TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-> server key type mismatch
-> check cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-> no fitting signature/hash algorithm
-> check cipher TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
-> no fitting signature/hash algorithm
-> check cipher TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-> server key type mismatch
-> check cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-> no fitting signature/hash algorithm
-> check cipher TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-> no fitting signature/hash algorithm
-> check cipher TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-> server key type mismatch
-> check cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-> no fitting signature/hash algorithm
-> check cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-> no fitting signature/hash algorithm
-> check cipher TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-> server key type mismatch
-> check cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-> no fitting signature/hash algorithm
-> check cipher TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-> no fitting signature/hash algorithm
-> check cipher TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-> server key type mismatch
-> check cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-> no fitting signature/hash algorithm
-> check cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-> no fitting signature/hash algorithm
-> check cipher TLS_RSA_WITH_AES_256_GCM_SHA384
-> no fitting signature/hash algorithm
-> check cipher TLS_RSA_WITH_AES_128_GCM_SHA256
-> no fitting signature/hash algorithm
-> check cipher TLS_RSA_WITH_AES_256_CBC_SHA256
-> no fitting signature/hash algorithm
-> check cipher TLS_RSA_WITH_AES_128_CBC_SHA256
-> no fitting signature/hash algorithm
-> check cipher TLS_RSA_WITH_AES_256_CBC_SHA
-> no fitting signature/hash algorithm
-> check cipher TLS_RSA_WITH_AES_128_CBC_SHA
-> no fitting signature/hash algorithm
-> cannot select cipher suite, exiting
Die Zertifikate sind alle mit dem identischen Verfahren erzeugt worden. In den Client Zertifikaten und im CA Zertifikat steht 'Signature Algorithm: sha256WithRSAEncryption'.
bietet das vorhandene openssl Paket natürlich alle Möglichkeiten der Konfiguration die OpenSSL eben so hat.