EAP-TTLS not working on windows 11 for a wired usage
Marek Zarychta
zarychtam at plan-b.pwste.edu.pl
Thu Oct 13 07:33:32 UTC 2022
W dniu 11.10.2022 o 23:22, Alan DeKok pisze:
> On Oct 11, 2022, at 4:33 PM, Marek Zarychta <zarychtam at plan-b.pwste.edu.pl> wrote:
>> Some of our eduroam users running Windows 11 are also encountering issues with EAP-TTLS and it looks like the reply from the server is missing too. We are investigating this.
> The server should always reply.
>
> What usually happens is that the Windows system doesn't like something about the servers reply, and then just stops doing EAP.
>
> You might try turning off session resumption. I would normally recommend using it always, but we've had issues with it in Windows 11.
>
> i.e. the combination of Windows 11, TLS 1.3, TTLS, and session resumption makes Windows upset. I don't really know more than that, as any information I have is just "Windows goes away".
Thank you for this important and very valuable clue. Indeed, I can
confirm that Windows 11 clients to perform TTLS auth with success need
either session resumption turned off or TLS 1.3 disabled. I hope
Microsoft will fix it in the near future, but now Windows 11 seems to be
a showstopper precluding wider adoption of TLS 1.3 in TTLS environments.
--
Marek Zarychta
More information about the Freeradius-Users
mailing list