EAP-TTLS not working on windows 11 for a wired usage

Alan DeKok aland at deployingradius.com
Thu Oct 13 11:30:42 UTC 2022


On Oct 13, 2022, at 3:33 AM, Marek Zarychta <zarychtam at plan-b.pwste.edu.pl> wrote:
> Thank you for this important and very valuable clue. Indeed, I can confirm that Windows 11 clients to perform TTLS auth with success need either session resumption turned off or TLS 1.3 disabled.

  That's good to hear.

> I hope Microsoft will fix it in the near future, but now Windows 11 seems to be a showstopper precluding wider adoption of TLS 1.3 in TTLS environments.

  Well, you can use TLS 1.3, but then you lose the benefits of session resumption.

  This looks like a decision made for "marketing" reasons.  i.e. "We want people to use PEAP, so we'll make TTLS harder to use".  In the end, all that does is annoy your customers.

  Alan DeKok.



More information about the Freeradius-Users mailing list