Unable to connect to WPA2-Enterprise since 2.4-r1: WPA_ALG_PMK bug?
dwmw2 at infradead.org
Tue Jul 14 16:02:11 EDT 2015
On Tue, 2015-07-14 at 21:01 +0300, Jouni Malinen wrote:
> On Sun, Jul 12, 2015 at 09:52:27AM +0100, David Woodhouse wrote:
> > The initial response was:
> > "We are using Aruba ClearPass Policy Manager release 6.5.1 as our
> > RADIUS server. This release does not support TLSv1.2."
> > I have showed them a packet trace which clearly shows a client
> > authenticating using EAP-TLSv1.2. And invited further comment :)
> Thanks. I asked Aruba and got a response that this was fixed in 6.5.2
> which I interpreted as 6.5.1 unfortunately enabling TLSv1.2 even though
> it was not "supported" and then not using the correct PRF.. Anyway, this
> issue will hopefully go away with the server upgrade.
At least for us, the server upgrade isn't planned imminently because of
issues with it — I'm told of a vulnerability in 6.5.2, as well as the
fact that there's no easy deployment rollback.
If you have competent contacts in Aruba, please could you ask them if
it's possible to *prevent* 6.5.1 from using TLSv1.2? Either in
configuration, or a minor bugfix update without requiring users to do a
full upgrade to 6.5.2?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5691 bytes
Desc: not available
More information about the HostAP