warning message about suplicants

Alan DeKok aland at deployingradius.com
Wed Feb 28 13:58:58 UTC 2024

On Feb 28, 2024, at 8:49 AM, Marek Zarychta <zarychtam at plan-b.pwste.edu.pl> wrote:
> FWIW, the issue seems to be solved. No more problems with fast reauthentication from Microsoft supplicants  connecting over TLS 1.3 now. 

  That's good to hear.

> In the meantime I upgraded OS from FreeBSD 13.2-STABLE to FreeBSD 14.0-STABLE, thus OpenSSL changed from 1.1.1 to 3.0.13. Perhaps OpenSSL 1.1.1 was the real culprit of broken session resumption for Windows users ?

  Nope.  Microsoft chose to skip session resumption for TLS 1.3.  I had a few conversations explaining why this was a _very_ bad decision.

  Universities have ~20K students reconnecting to WiFi every 60-90 minutes.  And without session resumption, their Active Directory systems would melt down.  That new seemed to incentivize the decision to add session resumption.

  Alan DeKok.

More information about the Freeradius-Users mailing list