Any known problems with 802.1w together with 802.1x?
greearb at candelatech.com
Mon Jun 1 17:27:39 EDT 2015
On 06/01/2015 01:53 PM, Ben Greear wrote:
> On 06/01/2015 01:03 PM, Jouni Malinen wrote:
>> On Mon, Jun 01, 2015 at 12:29:45PM -0700, Ben Greear wrote:
>>> We can get PMF + PSK to work fine, but when trying .1x auth, it does not
>>> work. We have not started looking in detail yet, but I am curious if there
>>> are known limitations/problems with this config?
>> Works fine in my tests and this being required for Hotspot 2.0 Rel 2, it
>> does get verified with number of driver combinations as well.
> Ahhh, looks like our problem was using WPA-EAP instead of WPA-EAP-SHA256.
> When I change key-mgt to WPA-EAP-SHA256 then it works.
> I'm going to add some warning to my configure widget when PMF + WPA-EAP
> is selected...
Actually, I'm having a hard time finding any info on exactly what combinations
are supposed to be valid. It seems that PSK + PMF works, but WPA-EAP
will not work.
Should we modify supplicant to require the 256 bit version of PSK for PMF?
Or, should we modify supplicant to allow 128-bit EAP to work for PMF?
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the HostAP