EAP-TLS Signature Check Failure

Alan DeKok aland at deployingradius.com
Fri Jan 22 15:31:49 CET 2021


On Jan 22, 2021, at 7:48 AM, nabble at felix.world wrote:
> We finally got the issue, and for anyone else who will face the issue, the fix is quite simple. Update your TPM firmware!
> 
> In fact, during the authentication the client is sending a signature which only includes nulls. The packet itself is intact, the sizes of the packets are valid and the signature algorithm is also fine. The only thing that's not in the TLS authentication is a signature.

  Wow.  That's a pretty spectacular breakage.  How the heck do these things make it to production?

> That's also the reason why some of our clients are able to authenticate and some not, with the key, stored in TPM. 
> 
> Intel ships an end-customer TPM updater; STM, as far as we know, does not. We also don't have clients with Infineon chips, but they should also ship updates to the end customer.

  Good to know.

  Alan DeKok.
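
The failure described in the quoted report (a well-formed client signature message whose signature bytes are all nulls) can be checked for directly. The following is an added example, not part of the original thread and not FreeRADIUS code. It assumes the TLS 1.2/1.3 CertificateVerify layout and a plaintext handshake message already extracted from the EAP-TLS exchange; the function names and sample messages are constructed for illustration.

```python
import struct

CERTIFICATE_VERIFY = 15  # TLS HandshakeType value for CertificateVerify


def parse_certificate_verify(msg: bytes) -> dict:
    """Parse one CertificateVerify handshake message (TLS 1.2/1.3 layout)."""
    if len(msg) < 4:
        raise ValueError("truncated handshake header")
    if msg[0] != CERTIFICATE_VERIFY:
        raise ValueError(f"not CertificateVerify (type {msg[0]})")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length does not match body")
    if len(body) < 4:
        raise ValueError("body too short for algorithm and length fields")
    # 2 bytes signature algorithm, 2 bytes signature length, then the signature
    scheme, sig_len = struct.unpack("!HH", body[:4])
    signature = body[4:]
    if len(signature) != sig_len:
        raise ValueError("signature length field does not match data")
    return {"scheme": scheme, "signature": signature}


def diagnose(msg: bytes) -> str:
    """Return 'malformed', 'empty-signature', 'null-signature' or 'ok'.

    'ok' only means the signature is not all zero bytes; it is not a
    cryptographic verification.
    """
    try:
        sig = parse_certificate_verify(msg)["signature"]
    except ValueError:
        return "malformed"
    if not sig:
        return "empty-signature"
    if not any(sig):  # every byte is 0x00: sizes valid, content missing
        return "null-signature"
    return "ok"


def build(scheme: int, signature: bytes) -> bytes:
    """Build a constructed CertificateVerify message for the samples below."""
    body = struct.pack("!HH", scheme, len(signature)) + signature
    return bytes([CERTIFICATE_VERIFY]) + len(body).to_bytes(3, "big") + body


# Constructed samples: 0x0401 is SHA-256 with RSA PKCS#1 v1.5
SAMPLE_NULL = build(0x0401, bytes(256))        # correct sizes, all-zero signature
SAMPLE_OK = build(0x0401, bytes(range(256)))   # placeholder non-zero bytes
```

A "null-signature" result on some clients but not others, with the same server configuration, matches the pattern in this thread and points at the client's key store rather than at the RADIUS server.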



