Windows 8.1 Wi-Fi client handshake failure

Nick Lowe nick.lowe at gmail.com
Tue Oct 7 16:19:32 CEST 2014


For TLS-based EAP purposes, I feel we should all be using certificates
with SHA-2 family signature algorithms now, the best choice probably
being SHA-256, as Microsoft, Google and Mozilla are actively
deprecating SHA-1.

Even though this is mostly in the context of the secure Web, is it not
likely that we will see operating systems being hostile to
certificates with a SHA-1 signature algorithm going forward, as it is
today with certificates that use MD5?

http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx

http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html

https://wiki.mozilla.org/CA:Problematic_Practices#SHA-1_Certificates

On Tue, Oct 7, 2014 at 1:19 PM, Alan DeKok <aland at deployingradius.com> wrote:
>   When I create certificates, I use "conservative" values.  RSA, 2048
> bit keys, SHA, etc.  That works everywhere.

