Any known problems with 802.1w together with 802.1x?

Ben Greear greearb at candelatech.com
Mon Jun 1 17:27:39 EDT 2015


On 06/01/2015 01:53 PM, Ben Greear wrote:
> On 06/01/2015 01:03 PM, Jouni Malinen wrote:
>> On Mon, Jun 01, 2015 at 12:29:45PM -0700, Ben Greear wrote:
>>> We can get PMF + PSK to work fine, but when trying .1x auth, it does not
>>> work.  We have not started looking in detail yet, but I am curious if there
>>> are known limitations/problems with this config?
>>
>> Works fine in my tests and this being required for Hotspot 2.0 Rel 2, it
>> does get verified with number of driver combinations as well.
> 
> Ahhh, looks like our problem was using WPA-EAP instead of WPA-EAP-SHA256.
> When I change key-mgt to WPA-EAP-SHA256 then it works.
> 
> I'm going to add some warning to my configure widget when PMF + WPA-EAP
> is selected...

Actually, I'm having a hard time finding any info on exactly what combinations
are supposed to be valid.  It seems that PSK + PMF works, but WPA-EAP
will not work.

Should we modify supplicant to require the 256 bit version of PSK for PMF?

Or, should we modify supplicant to allow 128-bit EAP to work for PMF?

Thanks,
Ben

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com



More information about the HostAP mailing list