Unable to connect to WPA2-Enterprise since 2.4-r1: WPA_ALG_PMK bug?
David Woodhouse
dwmw2
Tue Jul 14 13:02:11 PDT 2015
On Tue, 2015-07-14 at 21:01 +0300, Jouni Malinen wrote:
> On Sun, Jul 12, 2015 at 09:52:27AM +0100, David Woodhouse wrote:
> > The initial response was:
> >
> > "We are using Aruba ClearPass Policy Manager release 6.5.1 as our
> > RADIUS server. This release does not support TLSv1.2."
> >
> > I have showed them a packet trace which clearly shows a client
> > authenticating using EAP-TLSv1.2. And invited further comment :)
>
> Thanks. I asked Aruba and got a response that this was fixed in 6.5.2
> which I interpreted as 6.5.1 unfortunately enabling TLSv1.2 even though
> it was not "supported" and then not using the correct PRF.. Anyway, this
> issue will hopefully go away with the server upgrade.
At least for us, the server upgrade isn't planned imminently because of
issues with it ? I'm told of a vulnerability in 6.5.2, as well as the
fact that there's no easy deployment rollback.
If you have competent contacts in Aruba, please could you ask them if
it's possible to *prevent* 6.5.1 from using TLSv1.2? Either in
configuration, or a minor bugfix update without requiring users to do a
full upgrade to 6.5.2?
Thanks.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20150714/6ccb8fa8/attachment.bin>
More information about the Hostap
mailing list