EAP-FAST Support

Nick Lowe nick.lowe at gmail.com
Mon Sep 21 11:08:37 CEST 2015


There's also fun supporting TLS 1.2 for EAP-FAST if anybody actually
wants to resurrect this EAP type:

OpenSSL: Add SHA256 support in openssl_tls_prf() for TLSv1.2
http://w1.fi/cgit/hostap/commit/?id=16bc3b8935c3f37ea79ff511a36e77d52ab94da7

"This is needed when enabling TLSv1.2 support for EAP-FAST since the
SSL_export_keying_material() call does not support the needed
parameters for TLS PRF and the external-to-OpenSSL PRF needs to be
used instead. "

There likely to be issues with FreeRADIUS 2.2.x here therefore.
(It may be worth ensuring only TLS 1.0 gets used for EAP-FAST in 2.2.9.)

Regards,

Nick


More information about the Freeradius-Users mailing list