I have the iOS 9 beta on my phone and I was unable to connect to any 802.1x networks. I have OS 10.11 on my laptop, but I haven't brought it to campus yet.
I can confirm that the issue was TLS v1.2 support in our RADIUS servers. Upgrading the RADIUS software and dependencies, along with adding a new line to the configuration fixed the issue. We were already using a 4096-bit cert. We don't terminate any 802.1x on our Aruba controllers, but I heard it does not support TLS v1.2 either. I don't know if or when that will be fixed if it hasn't been already. Christopher Howard Associate Director, Network Engineering University of Tennessee at Chattanooga christopher-how...@utc.edu From: Andrew Moskowitz <a...@gwu.edu<mailto:a...@gwu.edu>> Reply-To: "a...@gwu.edu<mailto:a...@gwu.edu>" <a...@gwu.edu<mailto:a...@gwu.edu>> Date: Monday, July 27, 2015 at 9:00 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: Re: [WIRELESS-LAN] Apple OSX 10.11 beta One more piece of information : we also run Aruba ClearPass, and our Apple Engineer contact told us that the issue is support for TLS v1.2 - its now "included" in iOS 9 & OSX 10.11 On Mon, Jul 27, 2015 at 8:48 AM, Lee H Badman <lhbad...@syr.edu<mailto:lhbad...@syr.edu>> wrote: I'm polling our Apple adventurists on this. I did talk to one valued colleague who said he ran 10.11 for a bit on one machine and had no issues on our WPA2 Cisco campus networks. He's going to build another test machine and try it again, and hopefully I'll hear from at least a couple of other bleeding edgers on this end. Lee Badman | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003<tel:315.443.3003> f 315.443.4325<tel:315.443.4325> e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu<http://its.syr.edu> SYRACUSE UNIVERSITY syr.edu<http://syr.edu> -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Julian Y Koh Sent: Monday, July 27, 2015 8:01 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Apple OSX 10.11 beta On Mon Jul 27 2015 01:27:57 CDT, Jason Cook <jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote: > > Also seems worth noting that certs will need to be 1024bit. Our certs are > 1024 so expecting that to be ok for us > http://superuser.com/questions/935756/mac-os-el-capitan-10-11-not-able-to-connect-to-wifiwpa-2-enterprise > Note that the certificate bit length is different from the Diffie-Hellman group bit length; the latter is what is referred to in that document. Also worth noting is that there are other Apple documents that say that OS X 10.10.4 and iOS 8.4 require a 2048-bit DH group, so there appears to be some discrepancy at least in the docs. We had to upgrade both ClearPass (6.5.2 plus a patch) and our Aruba controller code (6.4.2.9) to get both iOS 9 and OS X 10.11 to work with our 802.1X network. -- Julian Y. Koh Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G-166 Evanston, IL 60208 847-467-5780 NUIT Web Site: <http://www.it.northwestern.edu/> PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
