On Feb 28, 2024, at 8:49 AM, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:
FWIW, the issue seems to be solved. No more problems with fast reauthentication from Microsoft supplicants connecting over TLS 1.3 now.
That's good to hear.
In the meantime I upgraded OS from FreeBSD 13.2-STABLE to FreeBSD 14.0-STABLE, thus OpenSSL changed from 1.1.1 to 3.0.13. Perhaps OpenSSL 1.1.1 was the real culprit of broken session resumption for Windows users ?
Nope. Microsoft chose to skip session resumption for TLS 1.3. I had a few conversations explaining why this was a _very_ bad decision. Universities have ~20K students reconnecting to WiFi every 60-90 minutes. And without session resumption, their Active Directory systems would melt down. That new seemed to incentivize the decision to add session resumption. Alan DeKok.