On May 19, 2023, at 5:23 PM, Robert Senger <robert.senger@xxxxxxxxxxxxxxxxxxxxx> wrote: > > The "WPA 3 Specification Version 3.0" Document from Wi-Fi Alliance > says: "A WPA3 STA shall perform server certificate validation when > using EAP-TTLS, EAP-TLS, EAP-PEAPv0 or EAP-PEAPv1 EAP methods." > > So, at least these methods seem to be allowed by the specs. Yeah. In practice, if an EAP method provides encryption keys, then it should work. i.e. EAP-PWD. Even TLS-PSK should work. This standard is for supplicants, and suggests how they should behave. It doesn't affect the function of 802.1X, which is defined by the IEEE. > Nevertheless, iPhone fails after entering username/password (it's > always a pain to connect iOS devices to enterprise networks), Windows > 11 only offers Smartcard or EAP-TLS (had no luck with that so far, > despite client certificate installed). Debugging EAP issues is no fun. Alan DeKok. _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
