Sending CA certificate during EAP-TLS

Stefan Winter stefan.winter at restena.lu
Wed Jun 20 14:41:19 CEST 2007


Hi,

> so....whos breaking the RFCs with respect to ICMP and pmtu?  ;-)

I've been hunting one such case recently. Just in case it helps: in our case 
it was a BSD firewall that was misconfigured to only allow non-fragmented UDP 
packets. I'm not into BSD at all, the guy said something about this being a 
default setting? I hope I got him wrong back then.

We also currently have a pending issue with Cisco WLAN Controllers. We suspect 
that it will take the EAPoL message from the client, and put the beginning of 
it into a UDP packet, simply forgetting about the rest if EAPoL payload > 
largest possible EAP-Message payload. We couldn't get our hands on a 100% 
positive test case, so didn't approach TAC yet.

If any of the two are the case for you, please report back here - it's quite 
an interesting piece of info...

Stefan

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070620/186e24a0/attachment.pgp>


More information about the Freeradius-Users mailing list