31 Mar
2015
31 Mar
'15
6:33 a.m.
Jouni, Isn't it about time to, by default, include TLS extensions in the Client Hello and have an option to switch it off for any broken servers? Incidentally, just looking at the code in wpa_supplicant, only when OpenSSL is used is TLS 1.2 used/supported. It's hard coded for TLS 1.0 with all the other SSL/TLS implementations. Cheers, Nick
If only the deployed authentication servers were to support TLS extensions.. Clients have to disable session tickets due to so many broken RADIUS servers out there with TLS implementation rejecting any attempt to connect with such an extension included.