19 Sep
2024
19 Sep
'24
12:03 a.m.
I had discussions with Microsoft a year or so about this. They were very happy to tell me that they had decided to not implement session resumption for TLS 1.3. They were not happy when I explained it was 100% necessary for many environments.
A year later, "yeah, we'll fix it eventually".
That's not useful.
Alan DeKok.
Yeah, not useful at all. I'm going to raise a ticket with MS about setting the identity when using EAP-TLS on Windows instead of defaulting to 'host/<cert CN>' (with machine auth). We have to do EAP-TTLS with EAP-TLS inner just because of this limitation. I'll ask them about their session resumption plans with TLS1.3 at the same time. Cheers