EAP-FAST under Windows XP

Michael Reilly michaelr
Fri Dec 29 10:24:04 PST 2006


I work for Cisco Systems on IOS and use wpa_supplicant on my Linux system to
connect to Cisco APs in the office using EAP-FAST.  I discovered a bug in Cisco
APs which causes wpa_supplicant to fail and filed a bug report in June 2006.  (I
do not work in the group which creates the firmware for the APs - I am just a
user of the APs.)

"A change made to after 12.3(2)JA broke EAP-FAST functionality for a number of
supplicants which worked with prior versions of the AP-1100 when using the local
radius server.

That change assumes that if cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA1 is
offered in a received client hello message then the client wants to do initial

Since OpenSSL sends TLS_DHE_RSA_WITH_AES_128_CBC_SHA1 in its client hello
message the AP always assumes the client wants to do initial provisioning.

Anyway since I filed the bug report the Quality Assurance group is asking me for
a wpa_supplicant they can use to verify the fix.  For some reason I do not
understand they use Windows boxes as the clients.  So do you know of a
pre-compiled wpa_supplicant (and openssl if it is a separate binary on windows)
with EAP-FAST support which I could download for them?

Thank you,

---- ---- ----
Michael Reilly    michaelr at cisco.com
    Cisco Systems,  California

More information about the Hostap mailing list