Windows 8.1 Wi-Fi client handshake failure

Martin Rowe martin.p.rowe at gmail.com
Tue Oct 7 07:59:25 CEST 2014


Martin Rowe wrote:
> At least that eliminates the client certificate. I'll play around with some
> of the extensions on the server certificate.

So I played around a lot with the server certificate. The error only
occurs when the server key is generated using curve secp521r1. [1] and
[2] both claim Windows 8.1 supports that curve, and it works with the
other "supported" curves (secp256r1 and secp384r1) and even works when
Windows uses secp521r1 for the client key/certificate, just not when
the server uses it. Like I said earlier, Linux and Android are both
able to connect when the server uses secp521r1, so I'm assuming this
is a Windows bug.

[1] http://technet.microsoft.com/en-us/library/cc766285(v=ws.10).aspx
[2] http://en.wikipedia.org/wiki/Comparison_of_TLS_implementations

A little further investigation found [3] which seems to indicate that
secp521r1 can be enabled. I checked on Windows 8.1 and the settings
appear the same, but it's late so this will have to wait until
tomorrow. There is still hope.

[3] http://www.carbonwind.net/blog/post/IE8-on-Windows-7-and-the-sha512ecdsa-combo-used-within-the-TLS-12-signature_algorithms-extension.aspx

Thanks

Marty
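
An added example, not part of the original post: a standard-library Python check that reads the named-curve OID from a server's EC public key in PEM form (for instance the output of `openssl x509 -noout -pubkey`) and flags secp521r1, the curve the post reports failing with Windows 8.1 clients. The function names are hypothetical, and the sample key is constructed in the code with an all-zero point rather than taken from a real certificate.

```python
import base64

EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID id-ecPublicKey
CURVES = {                                        # namedCurve OIDs, DER content bytes
    bytes.fromhex("2a8648ce3d030107"): "secp256r1",
    bytes.fromhex("2b81040022"): "secp384r1",
    bytes.fromhex("2b81040023"): "secp521r1",
}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def spki_curve(pem):
    """Curve name of a PEM SubjectPublicKeyInfo; None if not one of CURVES."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    der = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    tag, spki, _ = read_tlv(der)                  # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    _, alg, _ = read_tlv(spki)                    # AlgorithmIdentifier SEQUENCE
    _, alg_oid, pos = read_tlv(alg)
    if alg_oid != EC_PUBLIC_KEY:
        return None                               # e.g. an RSA key
    tag, params, _ = read_tlv(alg, pos)           # namedCurve OID
    return CURVES.get(params) if tag == 0x06 else None

def check_server_key(pem):
    """(curve, True) when the key uses the curve the post reports failing."""
    curve = spki_curve(pem)
    return curve, curve == "secp521r1"

def constructed_spki(curve_oid, point_len):
    """Constructed sample: valid SPKI framing around an all-zero (fake) point."""
    def tlv(tag, value):                          # all lengths here are < 256
        n = len(value)
        return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + value
    alg = tlv(0x30, tlv(0x06, EC_PUBLIC_KEY) + tlv(0x06, curve_oid))
    der = tlv(0x30, alg + tlv(0x03, b"\x00\x04" + bytes(point_len)))
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN PUBLIC KEY-----\n" + b64 + "-----END PUBLIC KEY-----\n"
```

Calling `check_server_key()` on the server's public key before deployment shows whether it falls into the secp521r1 case described in the post.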

