14 Oct
2022
14 Oct
'22
11:29 a.m.
W dniu 13.10.2022 o 13:30, Alan DeKok pisze:
Well, you can use TLS 1.3, but then you lose the benefits of session resumption.
Yes, TLS 1.3 for EAP is still new feature, worth testing, so we are testing.
This looks like a decision made for "marketing" reasons. i.e. "We want people to use PEAP, so we'll make TTLS harder to use". In the end, all that does is annoy your customers.
Probably not, unfortunately, PEAP reveals the same behavior. Session resumption has to be turned off when TLS 1.3 is negotiated by the Windows supplicant, otherwise, Windows steps back. So far only wpa_supplicant(8) can do {PEAP,TTLS}/MSCHAP2 against FreeRADIUS 3.2.1 with TLS 1.3 negotiated while session resumption is turned on. -- Marek Zarychta