Windows Slow EAP-TLS Authentication
George Benjin
george.benjin at gmail.com
Thu Sep 19 04:03:11 UTC 2024
> I had discussions with Microsoft a year or so about this. They were very happy to tell me that they had decided to not implement session resumption for TLS 1.3. They were not happy when I explained it was 100% necessary for many environments.
> A year later, "yeah, we'll fix it eventually".
> That's not useful.
> Alan DeKok.
Yeah, not useful at all. I'm going to raise a ticket with MS about
setting the identity when using EAP-TLS on Windows instead of
defaulting to 'host/<cert CN>' (with machine auth). We have to do
EAP-TTLS with EAP-TLS inner just because of this limitation.
I'll ask them about their session resumption plans with TLS1.3 at the same time.
Cheers
More information about the Freeradius-Users
mailing list