<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi,<br>
<br>
so here's the news:<br>
<br>
Freeradius 2.2.6 fails to connect with<br>
<blockquote>May 04 17:43:03 lefay wpa_supplicant[642]: nl80211:
Unexpected encryption algorithm 5<br>
</blockquote>
Freeradius 2.2.7 just works fine.<br>
But keep in mind, in most cases people do not have access to the
wifi backend :)<br>
<br>
And as I don't know the backend of my university, I don't know
what they're using.<br>
<br>
FYI: Today i read that Arch downgraded to wpa_supplicant 2.3
referencing on this thread [1]. Initially it was reported at [2]
by someone else. Some others seem to have experienced the same
bug.<br>
<br>
Cheers<br>
Ralf<br>
<br>
[1]
<a class="moz-txt-link-freetext" href="https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/wpa_supplicant&id=7562b98bd83fe5bce43e6952e0e922e7791e18b5">https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/wpa_supplicant&id=7562b98bd83fe5bce43e6952e0e922e7791e18b5</a><br>
[2] <a class="moz-txt-link-freetext" href="https://bugs.archlinux.org/task/44740">https://bugs.archlinux.org/task/44740</a><br>
<br>
<br>
On 05/03/2015 10:32 PM, Ralf wrote:<br>
</div>
<blockquote
cite="mid:dc5c61a2f8d2083fdeeab49c64921fa7@mail.ramses-pyramidenbau.de"
type="cite">Am 2015-05-03 21:14, schrieb Jouni Malinen:
<br>
<blockquote type="cite">On Mon, Apr 27, 2015 at 06:01:43PM +0200,
Ralf Ramsauer wrote:
<br>
<blockquote type="cite">I also tried another WPA2-Enterprise
WiFi which uses TTLS/PAP instead of PEAP/MSCHAPv2 - same
problem here.
<br>
</blockquote>
<br>
Which authentication server are you using? It sounds like the
main issue
<br>
here is in interoperability issue in TLS v1.2 key derivation for
EAP.
<br>
The same derivation mechanism is used for both TTLS and PEAP.
<br>
<br>
Are you by any chance using FreeRADIUS with TLS v1.2 enabled but
before
<br>
the key derivation fix went in (March 31, 2015)? If so, that
would
<br>
explain the problem due to FreeRADIUS deriving a different MSK
when
<br>
using TLS v1.2.
<br>
</blockquote>
<br>
For the TTLS/PAP one we're using freeradius version 2.2.6.
Tommorrow i'll tell the admin to upgrade and report what happens
then.
<br>
<br>
The second one is the WiFi of my university. I have no influence
on that WiFi. I only know that they're using lots of Cisco stuff
together with Microsoft Active Directory.
<br>
<br>
<blockquote type="cite">
<br>
Newer version of wpa_supplicant just happens to trigger this by
enabling
<br>
TLS v1.2 to be negotiated, but the real fix is likely needed on
the
<br>
authentication server.
<br>
</blockquote>
<br>
I can tell you tommorrow.
<br>
<br>
Thank you
<br>
Ralf
<br>
_______________________________________________
<br>
HostAP mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:HostAP@lists.shmoo.com">HostAP@lists.shmoo.com</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.shmoo.com/mailman/listinfo/hostap">http://lists.shmoo.com/mailman/listinfo/hostap</a>
<br>
</blockquote>
<br>
</body>
</html>