Hi Tuure, we use PEAP-TLS, EAP-PEAP as outer EAP type with EAP-TLS as inner. Not sure if the outher EAP-PEAP adds any real security as the Radiator cert is the same one for both types as it only hides the transmission of the user cert which can be classified like a public key imho.
I've already tuned the EAPTLS_MaxFragmentSize to have as few roundtrips as possible (1350 for the outer PEAP and 1300 for the inner EAP-TLS). You see how I calculate the response_time in my email yesterday. Best regards, Alex On 2016-03-30 13:27, Tuure Vartiainen wrote: > Hi, > >> On 30 Mar 2016, at 14:13, Hartmaier Alexander >> <alexander.hartma...@t-systems.at> wrote: >> >> yes this is the total auth time. Is one second a usual value for a >> PEAP-TLS auth? >> > just out of curiosity, how do you calculate the total auth time? > > An EAP authentication takes around 4-10 round-trips depending on > an EAP method and an amount of (certificate) data transferred. > > If you time the authentication from the receive time of the first > Access-Request > to the final Access-Accept, your total time also includes transmission > delays of those EAP round-trips between an EAP supplicant and Radiator. > > Does PEAP-TLS mean, that you are using EAP-PEAP with EAP-TLS as an innner EAP > method > or EAP-PEAP with EAP-MSCHAPv2? > > > BR *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
