New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HostAPd-WPE doesn't work with Windows 10 #1708
Comments
Comment by misterx on 11 Dec 2016 22:09 UTC
Compare the difference between success and failure to find the issue. Note: Tested with latest git from HostAPd and the problem persist. |
Comment by misterx on 11 Dec 2016 22:09 UTC Works just fine with Linux or if forwarding to a radius server (freeradius 3.0.12). Windows seems to do something different. |
Comment by misterx on 11 Dec 2016 22:09 UTC Using PEAP, right before switching to Phase 2, it seems to have an error with SSL. Log seems pretty similar up to that point. Here is the failure log (see line 396):
Here is a successful log:
|
Comment by misterx on 11 Dec 2016 22:09 UTC http://lists.infradead.org/pipermail/hostap/2016-December/036806.html |
Comment by misterx on 11 Dec 2016 22:09 UTC Might be due to MD5 used in certs. |
Comment by misterx on 11 Dec 2016 22:09 UTC Confirmed, it is due to MD5 certs. Using freeradius certs (SHA) in HostAPd worked just fine. |
Comment by misterx on 11 Dec 2016 22:09 UTC Fixed. Now there is an issue compiling with OpenSSL 1.1.0: https://mta.openssl.org/pipermail/openssl-users/2016-December/004994.html |
Comment by misterx on 11 Dec 2016 22:09 UTC See #1709 |
How can I implement freeradius certs (SHA) in HostAPd? |
This is support and is handled in the forum. MD5 was the issue, and certificates have been switched to SHA a while ago. |
Reported by misterx on 11 Dec 2016 22:09 UTC
Windows 10 (Version 10.0.14393) fails to authenticate to HostAPd-WPE (no challenge/response logged in the console). It prompts for login/password then fails after a second without prompting for the certificate.
Successful log example from an iPhone:
Unsuccessful Windows 10:
It seems to be due to TLS 1.2 according to https://supportforums.cisco.com/discussion/12704186/windows-10-november-update-version-1511-wpa2-enterprise-issues but even after disabling TLS 1.2 (and even 1.1) and recompiling, it still doesn't work.
The text was updated successfully, but these errors were encountered: