On Fri, 24 Mar 2023, at 18:41, Alexander Clouter wrote: > On Fri, 24 Mar 2023, at 17:51, Heikki Vatiainen wrote: >> The implementation was done based on the RFC and the draft but required >> tailoring to make it interoperable with wpa_supplicant's eapol_test with >> certain configurations, but that wasn't the main concern. > > If you are using eapol_test prior to a few TEAP patches (reversed EAP-FAST > MSK calculation and ordering of the Cryptobinding processing) then it should > just work out the box.
...rather *after* the patches were applied to hostapd, commits: * f791b5bbc7ec65403506dd62cf3220b98b0e0217 - Process Crypto-Binding TLV before EAP Payload TLV * 5a9bd8a06a110fa77e63f497ba165a018a2a3415 - Use EAP-FAST-MSCHAPv2 in the tunnel Commit 1a800a940042dab21f8f094f73b76a46a1b6478b used to be needed to talk to Win11...without triggering an RCE https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21539
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
