warning message about suplicants
Alan DeKok
aland at deployingradius.com
Wed Feb 28 13:58:58 UTC 2024
On Feb 28, 2024, at 8:49 AM, Marek Zarychta <zarychtam at plan-b.pwste.edu.pl> wrote:
> FWIW, the issue seems to be solved. No more problems with fast reauthentication from Microsoft supplicants connecting over TLS 1.3 now.
That's good to hear.
> In the meantime I upgraded OS from FreeBSD 13.2-STABLE to FreeBSD 14.0-STABLE, thus OpenSSL changed from 1.1.1 to 3.0.13. Perhaps OpenSSL 1.1.1 was the real culprit of broken session resumption for Windows users ?
Nope. Microsoft chose to skip session resumption for TLS 1.3. I had a few conversations explaining why this was a _very_ bad decision.
Universities have ~20K students reconnecting to WiFi every 60-90 minutes. And without session resumption, their Active Directory systems would melt down. That new seemed to incentivize the decision to add session resumption.
Alan DeKok.
More information about the Freeradius-Users
mailing list