13 Oct
2022
13 Oct
'22
7:30 a.m.
On Oct 13, 2022, at 3:33 AM, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:
Thank you for this important and very valuable clue. Indeed, I can confirm that Windows 11 clients to perform TTLS auth with success need either session resumption turned off or TLS 1.3 disabled.
That's good to hear.
I hope Microsoft will fix it in the near future, but now Windows 11 seems to be a showstopper precluding wider adoption of TLS 1.3 in TTLS environments.
Well, you can use TLS 1.3, but then you lose the benefits of session resumption. This looks like a decision made for "marketing" reasons. i.e. "We want people to use PEAP, so we'll make TTLS harder to use". In the end, all that does is annoy your customers. Alan DeKok.