Unable to connect to WPA2-Enterprise since 2.4-r1: WPA_ALG_PMK bug?
Ralf
ralf+hostap
Sun May 3 13:32:57 PDT 2015
Am 2015-05-03 21:14, schrieb Jouni Malinen:
> On Mon, Apr 27, 2015 at 06:01:43PM +0200, Ralf Ramsauer wrote:
>> I also tried another WPA2-Enterprise WiFi which uses TTLS/PAP instead
>> of PEAP/MSCHAPv2 - same problem here.
>
> Which authentication server are you using? It sounds like the main
> issue
> here is in interoperability issue in TLS v1.2 key derivation for EAP.
> The same derivation mechanism is used for both TTLS and PEAP.
>
> Are you by any chance using FreeRADIUS with TLS v1.2 enabled but before
> the key derivation fix went in (March 31, 2015)? If so, that would
> explain the problem due to FreeRADIUS deriving a different MSK when
> using TLS v1.2.
For the TTLS/PAP one we're using freeradius version 2.2.6. Tommorrow
i'll tell the admin to upgrade and report what happens then.
The second one is the WiFi of my university. I have no influence on that
WiFi. I only know that they're using lots of Cisco stuff together with
Microsoft Active Directory.
>
> Newer version of wpa_supplicant just happens to trigger this by
> enabling
> TLS v1.2 to be negotiated, but the real fix is likely needed on the
> authentication server.
I can tell you tommorrow.
Thank you
Ralf
More information about the Hostap
mailing list