Unable to connect to WPA2-Enterprise since 2.4-r1: WPA_ALG_PMK bug?

Jouni Malinen j at w1.fi
Sun May 3 15:14:44 EDT 2015


On Mon, Apr 27, 2015 at 06:01:43PM +0200, Ralf Ramsauer wrote:
> I also tried another WPA2-Enterprise WiFi which uses TTLS/PAP instead of PEAP/MSCHAPv2 - same problem here.

Which authentication server are you using? It sounds like the main issue
here is in interoperability issue in TLS v1.2 key derivation for EAP.
The same derivation mechanism is used for both TTLS and PEAP.

Are you by any chance using FreeRADIUS with TLS v1.2 enabled but before
the key derivation fix went in (March 31, 2015)? If so, that would
explain the problem due to FreeRADIUS deriving a different MSK when
using TLS v1.2.

Newer version of wpa_supplicant just happens to trigger this by enabling
TLS v1.2 to be negotiated, but the real fix is likely needed on the
authentication server.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list