Unable to connect to WPA2-Enterprise since 2.4-r1: WPA_ALG_PMK bug?

David Woodhouse dwmw2 at infradead.org
Tue Jul 14 16:02:11 EDT 2015

On Tue, 2015-07-14 at 21:01 +0300, Jouni Malinen wrote:
> On Sun, Jul 12, 2015 at 09:52:27AM +0100, David Woodhouse wrote:
> > The initial response was:
> > 
> >   "We are using Aruba ClearPass Policy Manager release 6.5.1 as our 
> >    RADIUS server. This release does not support TLSv1.2."
> > 
> > I have showed them a packet trace which clearly shows a client
> > authenticating using EAP-TLSv1.2. And invited further comment :)
> Thanks. I asked Aruba and got a response that this was fixed in 6.5.2
> which I interpreted as 6.5.1 unfortunately enabling TLSv1.2 even though
> it was not "supported" and then not using the correct PRF.. Anyway, this
> issue will hopefully go away with the server upgrade. 

At least for us, the server upgrade isn't planned imminently because of
issues with it — I'm told of a vulnerability in 6.5.2, as well as the
fact that there's no easy deployment rollback.

If you have competent contacts in Aruba, please could you ask them if
it's possible to *prevent* 6.5.1 from using TLSv1.2? Either in
configuration, or a minor bugfix update without requiring users to do a
full upgrade to 6.5.2?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20150714/6ccb8fa8/attachment.bin>

More information about the HostAP mailing list