[prev in list] [next in list] [prev in thread] [next in thread]
List: hostap
Subject: Re: Questions for FIPS certification
From: Jouni Malinen <j () w1 ! fi>
Date: 2009-08-28 18:44:34
Message-ID: 20090828184434.GK27813 () jm ! kir ! nu
[Download RAW message or body]
On Wed, Jul 01, 2009 at 07:24:31AM -0500, Michael Kurecka wrote:
> We are in the process of developing an AP/Client for FIPS certification. The
> authentication methods used for EAP are at the most, TLS, TTLS and PEAP
> (MSCHAPv2). I've been asked some questions concerning this and was hoping
> this forum might be able to better provide them.
>
> 1) What TLS, TTLS and PEAP cipher suites are supported?
That depends on which TLS library is used.
> 2) Is client authentication performed during TLS (Part 1 of PEAP) ?
In most cases, PEAP is used without client authentication during TLS
(i.e., server is authenticated in Phase 1 with TLS and client in Phase 2
with username/password).
> 3) Is it possible to disable PEAPv1 and allow only PEAPv2, and if so how
> (peaplabel=2)?
PEAPv2 is not fully supported and it is currently disabled. The version
configuration would be done with peapver=2.
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
HostAP mailing list
HostAP@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic