On FreeRADIUS, does it use the size of the key, or do you have to specify it
somewhere?

When I put in a DH key that is 2048 bits and run in debug mode, I see the
following:

Tue Sep 15 09:30:18 2015 : Debug:  Module: Instantiating eap-tls
Tue Sep 15 09:30:18 2015 : Debug:    tls {
Tue Sep 15 09:30:18 2015 : Debug:       rsa_key_exchange = no
Tue Sep 15 09:30:18 2015 : Debug:       dh_key_exchange = yes
Tue Sep 15 09:30:18 2015 : Debug:       rsa_key_length = 512
Tue Sep 15 09:30:18 2015 : Debug:       dh_key_length = 512


But I verified the file itself.

[root@aaa-maccvm-05 certs]# openssl dhparam -in dh -text -noout
    PKCS#3 DH Parameters: (2048 bit)



------------------------
Walter Reynolds
Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438

On Mon, Sep 14, 2015 at 8:43 AM, Christopher Michael Allison <
chris.m.alli...@siu.edu> wrote:

> Actually, we upgraded to FreeRADIUS 2.2.8 to solve some issues with iOS9.
> We have been using a 2048 bit Diffie-Hellman.  And it is a must-do ASAP, as
> when it rolls out officially you will have issues with clients connecting.
> Also, if you aren't on FreeRADIUS 2.2.7 or higher you will run into the same
> issues that we did. RADIUS will answer the iOS9 client's TLS v1.2 Hello but
> can't transmit anything back to it, so the client will never authenticate.
>
> Thanks,
>
> CHRISTOPHER ALLISON
> Network Engineer I
>
> Information Technology
> Mail Code 4622
> 625 Wham Drive
> Carbondale, Illinois 62901
>
> chris.m.alli...@siu.edu
> P: 618 / 453 - 8415
> F: 618 / 453 - 5261
> INFOTECH.SIU.EDU
>
>
>
> "Choose a job you love, and you will never have to work a day in your
> life."
> Confucius
>
> ________________________________________
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Bruce Curtis <
> bruce.cur...@ndsu.edu>
> Sent: Sunday, September 13, 2015 6:14 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] FreeRADIUS Diffie-Hellman Keys and iOS9
>
>   We just upgraded to 2048 bit Diffie-Hellman on September 3.   We had a
> person come to the help desk with a Chromebook that stopped connecting to
> the wireless on September 1, after an OS update.  We had been using a 512
> bit Diffie-Hellman key.
>
>
>
> 2015-09-03T18:01:36.709399+00:00 NOTICE wpa_supplicant[472]: OpenSSL:
> openssl_handshake - SSL_connect error:14082174:SSL
> routines:ssl3_check_cert_and_algorithm:dh key too small
>
> On Sep 11, 2015, at 4:55 PM, Curtis K. Larsen <curtis.k.lar...@utah.edu>
> wrote:
>
> > Hello,
> >
> > Are any other FreeRADIUS users planning to upgrade to 2048 bit
> Diffie-Hellman keys before the iOS9 release?  Just came across these and
> thinking it's a must do ASAP:
> >
> > https://support.apple.com/en-us/HT204932
> >
> https://community.jisc.ac.uk/blogs/8021x-clients-and-radius-server-supporting-bigger-diffie-hellman-dh-keys
> >
> >
> > Thanks,
> >
> > Curtis Larsen
> > University IT/CIS
> > Sr. Network Engineer
> >
> >
> >
> > **********
> > Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> ---
> Bruce Curtis                         bruce.cur...@ndsu.edu
> Certified NetAnalyst II                701-231-8527
> North Dakota State University
>
