EAP-TLS and TLS Session reuse in 0.7.3
Phillips, Owain
owain.phillips
Thu Apr 5 03:16:57 PDT 2012
Hi J,
Find attached the patch I applied to wpa_supplicant to disable TLS session reuse.
All the best,
Owain
From: Phillips, Owain
Sent: 02 April 2012 13:13
To: 'j at w1.fi'
Cc: 'hostap at lists.shmoo.com'
Subject: FW: EAP-TLS and TLS Session reuse in 0.7.3
Hi Mr. Malinen,
I understand you are very busy but I wondered if you had commented on my post.
Kind Regards,
Owain.
From: Phillips, Owain
Sent: 29 March 2012 13:35
To: 'hostap at lists.shmoo.com'
Subject: EAP-TLS and TLS Session reuse in 0.7.3
Hi,
I am using EAP-TLS on wpa_supplicant 0.7.3 with Cisco ACS 5.2.
I am seeing the wpa_supplicant offer a session ticket in the TLS exchange.
I would like to disable the session reuse and prevent the wpa_supplicant from offering session reuse in its Client Hello, but how?
I tried using the "fast_reauth=0" configuration option, but this appeared not to stop the TLS extension being sent in the hello. (Is this only relevant for EAP-FAST?)
I then patched the wpa_supplicant, adding the call to SSL_CTX_set_options(SSL_OP_NO_TICKET) for the SSL context. This appears to have worked, but I know this is not the right way to go about things; I really want to use the unadulterated vanilla wpa_supplicant.
What is the correct way to ensure that we DON'T use TLS session reuse with wpa_supplicant?
I am using OpenSSL 0.9.8q-2 SSL libraries.
All the best,
Owain
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0.7.3NoSessionReuse.patch
Type: application/octet-stream
Size: 545 bytes
Desc: 0.7.3NoSessionReuse.patch
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20120405/03fd4585/attachment-0001.obj
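Added example, not part of the original post and not wpa_supplicant code: a way to check offline whether an OpenSSL client offers the RFC 5077 SessionTicket extension (type 35) in its Client Hello, with and without the option discussed above. It uses Python's ssl module, whose OP_NO_TICKET is the same OpenSSL flag as SSL_OP_NO_TICKET; the TLS 1.2 cap and the function names are assumptions of this example.

```python
import ssl
import struct

SESSION_TICKET_EXT = 35  # RFC 5077 SessionTicket extension type


def client_hello(no_ticket: bool) -> bytes:
    """Return the first flight (the Client Hello record) OpenSSL would send."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # no peer is contacted, nothing is verified
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # assumption: pre-1.3 handshake
    if no_ticket:
        ctx.options |= ssl.OP_NO_TICKET   # same flag as SSL_OP_NO_TICKET
    else:
        ctx.options &= ~ssl.OP_NO_TICKET  # make the baseline explicit
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing)
    try:
        tls.do_handshake()                # writes the Client Hello, then waits
    except ssl.SSLWantReadError:
        pass
    return outgoing.read()


def extension_types(record: bytes) -> list:
    """Parse a Client Hello record and list its extension type numbers."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a Client Hello")
    pos = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
    pos += 1 + record[pos]                # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    types = []
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        types.append(ext_type)
        pos += 4 + ext_len
    return types


def offers_ticket(no_ticket: bool) -> bool:
    return SESSION_TICKET_EXT in extension_types(client_hello(no_ticket))


if __name__ == "__main__":
    print("default context offers SessionTicket:", offers_ticket(False))
    print("with OP_NO_TICKET offers SessionTicket:", offers_ticket(True))
```

The option only suppresses the ticket extension; session-ID based resumption is a separate mechanism that this check does not cover.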