EAP-FAST Support
Nick Lowe
nick.lowe at gmail.com
Mon Sep 21 11:08:37 CEST 2015
There's also fun supporting TLS 1.2 for EAP-FAST if anybody actually
wants to resurrect this EAP type:
OpenSSL: Add SHA256 support in openssl_tls_prf() for TLSv1.2
http://w1.fi/cgit/hostap/commit/?id=16bc3b8935c3f37ea79ff511a36e77d52ab94da7
"This is needed when enabling TLSv1.2 support for EAP-FAST since the
SSL_export_keying_material() call does not support the needed
parameters for TLS PRF and the external-to-OpenSSL PRF needs to be
used instead. "
There likely to be issues with FreeRADIUS 2.2.x here therefore.
(It may be worth ensuring only TLS 1.0 gets used for EAP-FAST in 2.2.9.)
Regards,
Nick
More information about the Freeradius-Users
mailing list