Windows 8.1 Wi-Fi client handshake failure
Nick Lowe
nick.lowe at gmail.com
Tue Oct 7 16:19:32 CEST 2014
For TLS-based EAP purposes, I feel we should all be using certificates
with SHA-2 family signature algorithms now, the best choice probably
being SHA-256, as Microsoft, Google and Mozilla are actively
deprecating SHA-1.
Even though this is mostly in the context of the secure Web, is it not
likely that we will see operating systems being hostile to
certificates with a SHA-1 signature algorithm going forward, as it is
today with certificates that use MD5?
http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
https://wiki.mozilla.org/CA:Problematic_Practices#SHA-1_Certificates
On Tue, Oct 7, 2014 at 1:19 PM, Alan DeKok <aland at deployingradius.com> wrote:
> When I create certificates, I use "conservative" values. RSA, 2048
> bit keys, SHA, etc. That works everywhere.
More information about the Freeradius-Users
mailing list