[RADIATOR] Apple iOS 9 and OS X El Capitan

Heikki Vatiainen hvn at open.com.au
Sun Jul 26 04:06:11 CDT 2015


On 07/25/2015 04:28 PM, Nick Lowe wrote:

> Well, just as a point of related interest, FreeRADIUS had an issue
> where the MPPE key was incorrectly calculated for TLS 1.2:
> 
> https://github.com/FreeRADIUS/freeradius-server/commit/bdff82cdc5bbd6e9079be4b11f0adc27fa994416
> 
> FreeRADIUS 2.2.6 and 3.0.7 don't work with iOS 9 unless TLS 1.2 is
> disabled server side.

Thanks for the pointer. Was this discovered with iOS 9 or are there
other devices too that support TLSv1.2 with EAP? We don't have iOS 9
betas available, so it would be useful to know if there are other
clients we could try.

We have used recent eapol_test versions since they now provide the
options to specify the TLS version and cipher suites. If the MPPE key
attributes do not match the values the client expects, it will complain.
No complaints were seen, but we did not try very old Net::SSLeay
versions either, so the problem might be visible there, as David's
findings hint.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list