Problems with EAP-TTLS/EAP-TLS - One Step further

Carolin Latze carolin.latze at unifr.ch
Fri Oct 31 10:02:40 EDT 2008



Alan DeKok wrote:
> Jouni Malinen wrote:
>   
>> I cannot reproduce the same error. However, I do see issues with
>> FreeRADIUS 2.1.1 when using its default fragment_size setting (in
>> eap.conf). If I set fragment_size to 2048, I can complete authentication
>> with eapol_test. With fragment_size 1024 (and my certificate size..)
>> EAP-TLS seems to fail in all cases 
>>     
Jouni, what is your certificate size? My keys are 1024 bit keys. I tried
to set the fragment size to 2048, but that didn't help. I tested with
2.1.1 and 2.1.2. EAP-TLS works also with a fragmen_size of 1024 with the
same certificates.

>
>   Ugh.  Can you mail me the certificates you're using?  I don't see this
> in my tests, which may mean the certificates I'm using are small.
>
>   Alan DeKok.
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>   

-- 
Carolin Latze
Research Assistant			ICT Engineer

Department of Computer Science		Swisscom Strategy and Innovation
Boulevard de Pérolles 90		Ostermundigenstrasse 93
CH-1700 Fribourg      			CH-3006 Bern
	
phone: +41 26 300 83 30			+41 79 72 965 27
homepage: http://diuf.unifr.ch/people/latzec




More information about the HostAP mailing list