Ready for 2.2.7?
Alan DeKok
aland at deployingradius.com
Tue Mar 31 18:16:25 CEST 2015
On Mar 31, 2015, at 10:53 AM, Jouni Malinen <jkmalinen at gmail.com> wrote:
> It should actually already be possible to enable this by adding
> phase1="tls_disable_session_ticket=0" into the network profile in
> wpa_supplicant/eapol_test.
That's good to know.
> This workaround (of not sending session
> ticket) can also be disabled with eap_workaround=0, but it looks like
> that actually results in other issues with FreeRADIUS (mismatch in
> EAP-MSCHAPv2 header length when used within PEAP),
Hmm... I don't see that here. Do you have packet traces / debug logs?
And the inner EAP data in PEAP is... stupid. Very, very, stupid. <sigh>
> I don't know which TLS implementation is involved in the problem cases
> or whether the EAP server implementation manages to break this on its
> own. Anyway, none of the reported interop issues with TLS session
> ticket extension have been with FreeRADIUS.
That's good to know.
Alan DeKok.
More information about the Freeradius-Users
mailing list