  • 1.  Clearpass 6.12 and TLS 1.3

    Posted Nov 20, 2024 05:20 AM

    Hi!

    I upgraded from Clearpass 6.9 to 6.12 last month. Everything worked fine, as expected. But we've had a few cases where Windows 11 BYOD devices can't log on to our 802.1x SSID. 

    The access log says: RADIUS     EAP: Client doesn't support configured EAP methods

    The BYOD devices that were already connected before the upgrade could still connect.

    Haven't bothered too much about it until today, when lots of googling and trial and error turned me to TLS1.3. When I disabled TLS1.3 from Cluster Wide Settings, they connect again just fine.

    But I fail to see why? If CPPM now supports TLS1.3, why can't my Windows 11 clients connect? I'm sure there's an easy explanation, but I can't see it.

    This link is a bit dubious, though. https://www.arubanetworks.com/techdocs/ClearPass/6.12/PolicyManager/Content/CPPM_UserGuide/Cipher Suites/Ciphers_TLS.htm

    Thanks.



  • 2.  RE: Clearpass 6.12 and TLS 1.3

    Posted Nov 20, 2024 11:34 AM

    Because Windows doesn't handle the connection with TLS 1.3 the same as with TLS 1.2.

    https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/windows-11-changes



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------