EAP-FAST under Windows XP
Michael Reilly
michaelr
Fri Dec 29 10:24:04 PST 2006
Hi,
I work for Cisco Systems on IOS and use wpa_supplicant on my Linux system to
connect to Cisco APs in the office using EAP-FAST. I discovered a bug in Cisco
APs which causes wpa_supplicant to fail and filed a bug report in June 2006. (I
do not work in the group which creates the firmware for the APs - I am just a
user of the APs.)
"A change made to after 12.3(2)JA broke EAP-FAST functionality for a number of
supplicants which worked with prior versions of the AP-1100 when using the local
radius server.
That change assumes that if cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA1 is
offered in a received client hello message then the client wants to do initial
provisioning."
Since OpenSSL sends TLS_DHE_RSA_WITH_AES_128_CBC_SHA1 in its client hello
message the AP always assumes the client wants to do initial provisioning.
Anyway since I filed the bug report the Quality Assurance group is asking me for
a wpa_supplicant they can use to verify the fix. For some reason I do not
understand they use Windows boxes as the clients. So do you know of a
pre-compiled wpa_supplicant (and openssl if it is a separate binary on windows)
with EAP-FAST support which I could download for them?
Thank you,
michael
--
---- ---- ----
Michael Reilly michaelr at cisco.com
Cisco Systems, California
More information about the Hostap
mailing list