Determining EAP-TLS cipher suite

Jouni Malinen j at w1.fi
Fri Aug 28 14:28:05 EDT 2009


On Thu, Aug 06, 2009 at 10:35:02AM -0500, Michael Kurecka wrote:
> I've been trying to determine which ciphers are used by hostapd and
> wpa_supplicant with a EAP-TLS configuration. I have a supplicant setup with
> wpa_supplicant, an authenticator setup with hostapd and connected to
> zeroshell as my authentication server (RADIUS). I've been able to determine
> which cipher the client uses in this situation, but I'm trying to better
> understand how it is determined. Which part of the system makes the
> determination of what is supported and what will be used? Is it the
> authenticator, authentication server, certificate, etc.?

If you are using hostapd as an authenticator with and external
authentication server, EAP-TLS is fully transparent to hostapd, i.e.,
the authentication server is in control here.

In TLS, the client sends a list of supported cipher suites and the
server selects which one of these to use (or rejects authentication if
none of the proposed suites are acceptable).

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list