EAP-TLS too fast?
Andrea G Forte
andreaf at cs.columbia.edu
Wed Feb 8 12:02:58 EST 2006
I have setup a RADIUS server (freeradius) with hostapd 0.4.7 and
wpa_supplicant 0.4.7. Both the last two use hostap-driver 0.4.7.
I am using EAP-TLS (client and server certificates generated by the
CA.all script included in freeradius) with RSN (CCMP). I am not sure if
something is wrong in the authentication process. The problem is that it
is taking too little time for the authentication process to complete. In
the attached file you can see one authentication process captured using
kismet and then parsed with Ethereal. As you can see the time from
Assoc. resp to the first encrypted data packet is only 222 msec. About a
year ago it was of the order of one second (and all the literature says
so). Has WPA2 improved the authentication time so much? Am I doing
something wrong in setting up EAP-TLS in the wpa_supplicant?
This is the relevant entry in wpa_supplicant.conf:
Another thing is that the supplicant sends the following packet twice:
TLS Certificate, Client Key Exchange, Certificate Verify, Change
Cipher Spec, Encrypted Handshake Message
and also the "server hello" is sent twice. Is this the correct behavior?
This overlaps a little with freeradius, so I am not sure if this is
offtopic for this list. If you feel it is, my apologies.
Your help is always very much appreciated.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the HostAP