FreeRadius3 - TLS 1.2 & Eapol_Test
Is there a way to use eapol_test to force TLS 1.2? I have downloaded and compiled the latest wpa_supplicant with OpenSSL 1.0.1e-fips 11 Feb 2013. I can't seem to find the configuration switch to enable TLS 1.2. On the server side I have tried configuring the eap module with: cipher_list = "DEFAULT" cipher_list = "ALL:!MEDIUM:!LOW" cipher_list = "AES256-SHA" cipher_list = "AES256-SHA256" cipher_list = "AES256-SHA256:AES128-SHA256" cipher_list = "AES256-SHA256:AES128:SHA" The command string I am currently using is: ./eapol_test -c eapol_test.conf.tls -a10.115.10.32 -p1812 -stesting123 -r1 The contents of the eapol_test.conf.tls are: eapol_version=2 network={ eap=TLS eapol_flags=3 proto=WPA #key_mgmt=IEEE8021X key_mgmt=WPA-EAP identity="00A0BC2FF8C0@test" ca_cert="testca.pem" client_cert="Client_Cert.pem" private_key="Client_privKey.pem" } My FreeRadius3 server server details: [root@aaa ~]# /usr/sbin/radiusd -Xv Wed Jan 22 13:00:52 2014 : Info: radiusd: FreeRADIUS Version 3.0.1, for host x86_64-redhat-linux-gnu, built on Jan 20 2014 at 01:36:32 Wed Jan 22 13:00:52 2014 : Debug: Server was built with: Wed Jan 22 13:00:52 2014 : Debug: accounting Wed Jan 22 13:00:52 2014 : Debug: authentication Wed Jan 22 13:00:52 2014 : Debug: ascend binary attributes Wed Jan 22 13:00:52 2014 : Debug: coa Wed Jan 22 13:00:52 2014 : Debug: control-socket Wed Jan 22 13:00:52 2014 : Debug: detail Wed Jan 22 13:00:52 2014 : Debug: dhcp Wed Jan 22 13:00:52 2014 : Debug: dynamic clients Wed Jan 22 13:00:52 2014 : Debug: proxy Wed Jan 22 13:00:52 2014 : Debug: regex-pcre Wed Jan 22 13:00:52 2014 : Debug: session-management Wed Jan 22 13:00:52 2014 : Debug: stats Wed Jan 22 13:00:52 2014 : Debug: tcp Wed Jan 22 13:00:52 2014 : Debug: threads Wed Jan 22 13:00:52 2014 : Debug: tls Wed Jan 22 13:00:52 2014 : Debug: unlang Wed Jan 22 13:00:52 2014 : Debug: vmps Wed Jan 22 13:00:52 2014 : Debug: Server core libs: Wed Jan 22 13:00:52 2014 : Debug: talloc : 2.0.* Wed Jan 22 13:00:52 2014 : Debug: ssl : OpenSSL 1.0.1e-fips 11 Feb 2013 Wed Jan 22 13:00:52 2014 : Info: Copyright (C) 1999-2014 The FreeRADIUS server project and contributors Wed Jan 22 13:00:52 2014 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Wed Jan 22 13:00:52 2014 : Info: PARTICULAR PURPOSE Wed Jan 22 13:00:52 2014 : Info: You may redistribute copies of FreeRADIUS under the terms of the Wed Jan 22 13:00:52 2014 : Info: GNU General Public License Wed Jan 22 13:00:52 2014 : Info: For more information about these matters, see the file named COPYRIGHT Thanks, Ryan
Hi Have you talked to the authors of WPA supplicant. Especially in relation to the eapol_test tool and its capabilities? alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Alan, I am having issues validating the use of TLS 1.2 with FreeRadius3 and was hoping to get feedback from the list. Eapol_test seems to be the the best available tool for testing. Is there another method, radeapclient, or something else that can be used to specifically test the new ciphers? Thanks, Ryan From: Alan Buxey [mailto:A.L.M.Buxey@lboro.ac.uk] Sent: Wednesday, January 22, 2014 1:21 PM To: FreeRadius users mailing list; O'Connell, Ryan Subject: Re: FreeRadius3 - TLS 1.2 & Eapol_Test Hi Have you talked to the authors of WPA supplicant. Especially in relation to the eapol_test tool and its capabilities? alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Hi,
I am having issues validating the use of TLS 1.2 with FreeRadius3 and was hoping to get feedback from the list. Eapol_test seems to be the the best available tool for testing. Is there another method, radeapclient, or something else that can be used to specifically test the new ciphers?
Have you talked to the authors of WPA supplicant. Especially in relation to the eapol_test tool and its capabilities? alan
I am not set on using eapol_test but it doesn't seem possible to test TLS 1.2 with radeapclient. Would you agree? Are there other ways of testing this? Thanks, Ryan -----Original Message----- From: freeradius-users-bounces+ryan.oconnell=viasat.com@lists.freeradius.org [mailto:freeradius-users-bounces+ryan.oconnell=viasat.com@lists.freeradius.org] On Behalf Of A.L.M.Buxey@lboro.ac.uk Sent: Wednesday, January 22, 2014 11:19 PM To: FreeRadius users mailing list Subject: Re: FreeRadius3 - TLS 1.2 & Eapol_Test Hi,
I am having issues validating the use of TLS 1.2 with FreeRadius3 and was hoping to get feedback from the list. Eapol_test seems to be the the best available tool for testing. Is there another method, radeapclient, or something else that can be used to specifically test the new ciphers?
Have you talked to the authors of WPA supplicant. Especially in relation to the eapol_test tool and its capabilities? alan - List info/subscribe/unsubscribe? See https://urldefense.proofpoint.com/v1/url?u=http://www.freeradius.org/list/us...
O'Connell, Ryan wrote:
I am not set on using eapol_test but it doesn't seem possible to test TLS 1.2 with radeapclient. Would you agree? Are there other ways of testing this?
a) talk to the eapol_test people b) find a $$$$ commercial solution. There is no: c) keep asking the same question repeatedly, hoping for a magic answer Alan DeKok.
participants (4)
-
A.L.M.Buxey@lboro.ac.uk -
Alan Buxey -
Alan DeKok -
O'Connell, Ryan