EAP-FAST Support

Nick Lowe nick.lowe at gmail.com
Mon Sep 21 11:08:37 CEST 2015

There's also fun supporting TLS 1.2 for EAP-FAST if anybody actually
wants to resurrect this EAP type:

OpenSSL: Add SHA256 support in openssl_tls_prf() for TLSv1.2

"This is needed when enabling TLSv1.2 support for EAP-FAST since the
SSL_export_keying_material() call does not support the needed
parameters for TLS PRF and the external-to-OpenSSL PRF needs to be
used instead. "

There likely to be issues with FreeRADIUS 2.2.x here therefore.
(It may be worth ensuring only TLS 1.0 gets used for EAP-FAST in 2.2.9.)



More information about the Freeradius-Users mailing list