Hi,
I spent 2x entire days working with hostap and I am now able to get a lot
of things working as I would like.
This is the first time I am creating a PKI infrastructure, so I am still
learning on this side.
My first question is "conceptual", regarding encryption in the case of
EAP-TLS / 802.11x:
I have no issue with how authentication works with certificates; it is
more about the encryption, where it uses CCMP, but I am wondering which
method is used, as it is not using a PSK anymore. What is used to encrypt
messages for CCMP? Encrypted by certificates and dynamic keys on each side?
Just to double check that:
wpa_key_mgmt=WPA-EAP
wpa=2
wpa_pairwise=CCMP
rsn_pairwise=CCMP
ieee8021x=1
is the correct configuration? Is wpa=2 still needed? (I guess yes, to use CCMP)
My second question is about enforcing security as much as I can. I
am using:
macaddr_acl=1
auth_algs=1
eapol_version=2
check_crl=2
ieee80211w=2
wpa_key_mgmt=WPA-EAP-SHA256
Regarding the last option (WPA-EAP-SHA256), I don't understand exactly
where (ciphers? algorithm?) SHA256 is used. I am confused and don't see
where this is applied and used in the different security mechanisms...
I have generated a bigger DH parameter file and use the dh_file option,
but I don't think it is used when I analyze it through a packet
capture... any idea why?
Any other thing I can think about to get the "best secured" system?
A huge thanks for your help :)
belette
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap