Any known problems with 802.1w together with 802.1x?
greearb at candelatech.com
Tue Jun 9 20:03:27 EDT 2015
On 06/07/2015 06:33 AM, Jouni Malinen wrote:
> On Sat, Jun 06, 2015 at 08:39:53AM -0700, Ben Greear wrote:
>> I had debugged this problem some last year:
>> If the key version is 3, and we are using 128bit SHA, then supplicant
>> fails the connections.
> I don't know what to say about that.. Key Descriptor Version 3 indicates
> that SHA256-based KDF is used, so the combination of 128-bit SHA (==
> SHA1 ?) and version 3 does not exist..
>> I can set up this test case again and post the hostapd and supplicant
>> config files next week.
> Yes, please. I'd need to see what the exact configuration is since I
> cannot convert that previous note to any configuration.
Well, I cannot reproduce this problem against hostapd now, though we still
see the issue when running against a third-party AP...maybe it has it's own
I remember having quite a bit of problems with getting this all to work last year,
and at the time, I put in special code to enforce 256-bit EAP when
.11w was set to 2. That was why normal EAP was failing a few days
ago. Maybe this was always some sort of bug in my logic,
or maybe whatever was the issue in hostapd has since been fixed.
I have relaxed that constraint in my system and now WPA-EAP works fine
with PMF set to enforcing mode.
Thanks for the help.
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the HostAP