Any known problems with 802.1w together with 802.1x?

Ben Greear greearb at candelatech.com
Sat Jun 6 11:39:53 EDT 2015



On 06/06/2015 07:13 AM, Jouni Malinen wrote:
> On Mon, Jun 01, 2015 at 02:27:39PM -0700, Ben Greear wrote:
>> Actually, I'm having a hard time finding any info on exactly what combinations
>> are supposed to be valid.  It seems that PSK + PMF works, but WPA-EAP
>> will not work.
>
> I'm not sure what you mean with "WPA-EAP will not work". WPA-EAP works
> fine with PMF.
>
>> Should we modify supplicant to require the 256 bit version of PSK for PMF?
>
> No, there is no such requirement.
>
>> Or, should we modify supplicant to allow 128-bit EAP to work for PMF?
>
> What do you mean with "128-bit EAP"? If that is referring to using SHA-1
> -based AKM, wpa_supplicant already allows this.

I had debugged this problem some last year:

"
If the key version is 3, and we are using 128bit SHA, then supplicant
fails the connections.
"

I can set up this test case again and post the hostapd and supplicant
config files next week.

Thanks,
Ben


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com


More information about the HostAP mailing list