Unable to connect to WPA2-Enterprise since 2.4-r1: WPA_ALG_PMK bug?

Ralf ralf+hostap
Sun May 3 13:32:57 PDT 2015


On 2015-05-03 21:14, Jouni Malinen wrote:
> On Mon, Apr 27, 2015 at 06:01:43PM +0200, Ralf Ramsauer wrote:
>> I also tried another WPA2-Enterprise WiFi which uses TTLS/PAP instead 
>> of PEAP/MSCHAPv2 - same problem here.
> 
> Which authentication server are you using? It sounds like the main
> issue here is an interoperability issue in TLS v1.2 key derivation
> for EAP. The same derivation mechanism is used for both TTLS and PEAP.
> 
> Are you by any chance using FreeRADIUS with TLS v1.2 enabled but before
> the key derivation fix went in (March 31, 2015)? If so, that would
> explain the problem due to FreeRADIUS deriving a different MSK when
> using TLS v1.2.

For the TTLS/PAP one we're using freeradius version 2.2.6. Tomorrow 
I'll tell the admin to upgrade and report what happens then.

The second one is the WiFi of my university. I have no influence on that 
WiFi. I only know that they're using lots of Cisco stuff together with 
Microsoft Active Directory.

> 
> Newer version of wpa_supplicant just happens to trigger this by
> enabling TLS v1.2 to be negotiated, but the real fix is likely needed
> on the authentication server.

I can tell you tomorrow.

Thank you
   Ralf
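
Added example, not part of the original message and not wpa_supplicant or FreeRADIUS code: a sketch of why an MSK mismatch under TLS v1.2 breaks the connection. It derives the MSK from the same constructed TLS secrets with the TLS 1.2 PRF (RFC 5246) and with the TLS 1.0/1.1 PRF (RFC 2246), using the EAP-TLS/PEAP label from RFC 5216. Which PRF the affected server actually applied is not stated in the thread and is an assumption here, as are all function names and sample values.

```python
import hashlib
import hmac

def p_hash(hash_name, secret, seed, length):
    """P_hash data expansion (RFC 5246 section 5, same shape in RFC 2246)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()           # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def prf_tls12(secret, label, seed, length):
    """TLS 1.2 PRF: P_SHA256 over label + seed."""
    return p_hash("sha256", secret, label + seed, length)

def prf_tls10(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5 XOR P_SHA1, each keyed with half the secret."""
    half = (len(secret) + 1) // 2
    md5 = p_hash("md5", secret[:half], label + seed, length)
    sha1 = p_hash("sha1", secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5, sha1))

def derive_msk(prf, master_secret, client_random, server_random,
               label=b"client EAP encryption"):
    """MSK = first 64 octets of the 128-octet key material (RFC 5216).
    EAP-TTLS uses the label b"ttls keying material" instead."""
    seed = client_random + server_random
    return prf(master_secret, label, seed, 128)[:64]

def pmk(msk):
    """WPA2-Enterprise PMK: first 32 octets of the MSK."""
    return msk[:32]

def pmks_match(peer_prf, server_prf):
    """True if peer and server end up with the same PMK."""
    # Constructed sample secrets, not captured from any real session.
    ms, cr, sr = bytes(range(48)), b"\x01" * 32, b"\x02" * 32
    return hmac.compare_digest(pmk(derive_msk(peer_prf, ms, cr, sr)),
                               pmk(derive_msk(server_prf, ms, cr, sr)))

if __name__ == "__main__":
    print("both sides TLS 1.2 PRF:", pmks_match(prf_tls12, prf_tls12))
    print("server on old PRF     :", pmks_match(prf_tls12, prf_tls10))
```

When the PMKs differ, EAP itself can complete while the subsequent 4-way handshake fails, because the access point receives the server's MSK and the station uses its own.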


