aironet1100 EAP-FAST + supplicant
Jouni Malinen
jkmaline
Wed Dec 13 21:29:38 PST 2006
On Wed, Dec 13, 2006 at 09:53:14AM -0500, Aaron Baillargeon wrote:
> I found an email from June posted to the mailing list that asked about
> EAP-FAST and an SSL error that came up with Cisco APs, couldn't find any
> resolution. Below is an excerpt from the email (seemingly from a Cisco
> employee) showing the error:
> > SSL: (where=0x4008 ret=0x22f)
> > SSL: SSL3 alert: write (local SSL3 detected an error):fatal:illegal parameter
> > SSL: (where=0x1002 ret=0xffffffff)
> > SSL: SSL_connect:error in SSLv3 read server hello B
> > OpenSSL: tls_connection_handshake - SSL_connect error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned
If I remember correctly, this is caused by a bug in the EAP-FAST server
implementation that is included in some of the APs as the local
authentication server.
> I was curious if anyone else working with EAP-FAST encountered this.
> I tried openssl 0.9.8a and 0.9.8d (patched) with wpa_supplicant 0.5.6 and
> don't have any other EAP-FAST capable servers around to test (freeradius
> doesn't support it, correct?)
The internal TLS implementation (CONFIG_TLS=internal and
CONFIG_INTERNAL_LIBTOMMATH=y in .config) seems to work with the local
authentication server in the Cisco APs. In order to get OpenSSL
working, some of the cipher suites would need to be disabled as a
workaround (again, if I remember correctly).
--
Jouni Malinen PGP id EFC895FA
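
Added example, not part of the original message or of wpa_supplicant: a small triage helper that pulls OpenSSL error strings out of supplicant debug output and decodes the packed error code, so the handshake failure quoted above can be recognised in a larger log. The function names and the sample log are constructed for illustration; the 8/12/12-bit code layout and the numeric constants are assumed to match the OpenSSL 0.9.8 series named in the message.

```python
import re

# Constructed sample: the two relevant log lines quoted in the message.
SAMPLE_LOG = """\
SSL: SSL_connect:error in SSLv3 read server hello B
OpenSSL: tls_connection_handshake - SSL_connect error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned
"""

# OpenSSL error strings look like: error:<8 hex digits>:<library>:<function>:<reason>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)$")

ERR_LIB_SSL = 20                   # library number of libssl
SSL_R_WRONG_CIPHER_RETURNED = 261  # reason code behind "wrong cipher returned"


def unpack_err(code):
    """Split a packed error code: 8 bits library, 12 bits function, 12 bits reason
    (layout assumed for the OpenSSL 0.9.8 series)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def parse_openssl_errors(log_text):
    """Return one dict per OpenSSL error string found in log_text."""
    found = []
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if not m:
            continue
        lib, func, reason = unpack_err(int(m.group(1), 16))
        found.append({
            "lib": lib, "func": func, "reason": reason,
            "lib_text": m.group(2).strip(),
            "func_text": m.group(3).strip(),
            "reason_text": m.group(4).strip(),
        })
    return found


def is_cipher_mismatch(err):
    """True when libssl rejected the cipher suite chosen in the ServerHello,
    which is the failure reported in this thread."""
    return err["lib"] == ERR_LIB_SSL and err["reason"] == SSL_R_WRONG_CIPHER_RETURNED


if __name__ == "__main__":
    for e in parse_openssl_errors(SAMPLE_LOG):
        print(e, "cipher mismatch:", is_cipher_mismatch(e))
```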