Any known problems with 802.1w together with 802.1x?
greearb at candelatech.com
Sat Jun 6 11:39:53 EDT 2015
On 06/06/2015 07:13 AM, Jouni Malinen wrote:
> On Mon, Jun 01, 2015 at 02:27:39PM -0700, Ben Greear wrote:
>> Actually, I'm having a hard time finding any info on exactly what combinations
>> are supposed to be valid. It seems that PSK + PMF works, but WPA-EAP
>> will not work.
> I'm not sure what you mean with "WPA-EAP will not work". WPA-EAP works
> fine with PMF.
>> Should we modify supplicant to require the 256 bit version of PSK for PMF?
> No, there is no such requirement.
>> Or, should we modify supplicant to allow 128-bit EAP to work for PMF?
> What do you mean with "128-bit EAP"? If that is referring to using SHA-1
> -based AKM, wpa_supplicant already allows this.
I had debugged this problem some last year:
If the key version is 3, and we are using 128bit SHA, then supplicant
fails the connections.
I can set up this test case again and post the hostapd and supplicant
config files next week.
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the HostAP