EAP-TLS with TLS 1.3

Stefan Winter stefan.winter at restena.lu
Mon Mar 12 11:40:15 CET 2018


Hi,

I'm currently looking at
https://www.ietf.org/id/draft-mattsson-eap-tls13-02.txt.

It states that:

   While Elliptic Curve Cryptography (ECC) was optional for earlier
   version of TLS, TLS 1.3 mandates support of ECC (see Section 9 of
   [I-D.ietf-tls-tls13]).  To avoid fragmentation, the use of ECC in
   certificates, signature algorithms, and groups are RECOMMENDED when
   using EAP-TLS with TLS 1.3 or higher.

That sounds like useful advice.

I'm wondering though what to do if you have a diverse variety of client
devices doing EAP, some of which only do TLS 1.2 while others do TLS 1.3.

The EAP server can only present one certificate to its incoming peer
connections.

If it has an ECDSA certificate, there's a chance for an interop problem
with TLS 1.2 clients not supporting the needed cipher suites.

If it has an RSA certificate, it misses out on the small-cert benefits.

I wonder if it's possible to have both certificates available to the
server, with a late selection: depending on which TLS version has been
negotiated, present one cert or the other.

Is that kind of stuff doable?

It would certainly make a transition easier...

Greetings,

Stefan Winter

-- 
Stefan WINTER
Research Engineer
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
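The late selection asked about above can be done with Go's crypto/tls, whose GetCertificate hook runs only after the ClientHello has been parsed. This is an added example and not code from the thread or from FreeRADIUS; the self-signed certificates and the helper names are constructed for the demo, and the selection goes beyond the TLS version alone by checking the client's signature schemes and cipher suites as well.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"math/big"
	"time"
)

// selfSigned wraps a throwaway self-signed certificate around a key pair so the
// example runs offline; a real EAP server loads certificates issued by its CA.
func selfSigned(pub, priv interface{}) *tls.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
}

// generateCerts makes one ECDSA P-256 and one RSA-2048 server certificate
// (constructed demo keys, so key generation errors are not handled).
func generateCerts() (ecdsaCert, rsaCert *tls.Certificate) {
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	return selfSigned(&ecKey.PublicKey, ecKey), selfSigned(&rsaKey.PublicKey, rsaKey)
}

// pickCertificate is the late-selection step: install it as tls.Config.GetCertificate
// and Go calls it after parsing the ClientHello, when the negotiated version and the
// client's signature schemes, curves and cipher suites are known. SupportsCertificate
// checks all of those, not just the version; ECDSA is preferred, RSA is the fallback.
func pickCertificate(hello *tls.ClientHelloInfo, ecdsaCert, rsaCert *tls.Certificate) (*tls.Certificate, error) {
	if hello.SupportsCertificate(ecdsaCert) == nil {
		return ecdsaCert, nil
	}
	if hello.SupportsCertificate(rsaCert) == nil {
		return rsaCert, nil
	}
	return nil, errors.New("client can use neither the ECDSA nor the RSA certificate")
}
```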