Questions for FIPS certification
Jouni Malinen
Fri Aug 28 11:44:34 PDT 2009
On Wed, Jul 01, 2009 at 07:24:31AM -0500, Michael Kurecka wrote:
> We are in the process of developing an AP/Client for FIPS certification. The
> authentication methods used for EAP are at the most, TLS, TTLS and PEAP
> (MSCHAPv2). I've been asked some questions concerning this and was hoping
> this forum might be able to better provide them.
>
> 1) What TLS, TTLS and PEAP cipher suites are supported?

That depends on which TLS library is used.

> 2) Is client authentication performed during TLS (Part 1 of PEAP) ?

In most cases, PEAP is used without client authentication during TLS
(i.e., server is authenticated in Phase 1 with TLS and client in Phase 2
with username/password).

> 3) Is it possible to disable PEAPv1 and allow only PEAPv2, and if so how
> (peaplabel=2)?

PEAPv2 is not fully supported and it is currently disabled. The version
configuration would be done with peapver=2.

--
Jouni Malinen PGP id EFC895FA