07-10-2015 01:14 AM - edited 07-10-2015 01:35 AM
I have a problem with the iOS and OSX updates.
After I did these updates, I can't connect to any WPA2 enterprise 802.1x network anymore.
Controller Model / AP Model: Aruba7210 / AP115
The network authentication in my case is terminating on the controller ( EAP-PEAP / mschapv2 ) and uses a server group which has internal db and radius in it.
On another network which uses captive portal L3 authentication, the radius/internal db works.
According to this article: https://developer.apple.com/library/prerelease/mac
When negotiating a TLS/SSL connection with Diffie-Hellman key exchange, OS X El Capitan requires a 1024-bit group or larger. OS X El Capitan will not connect to a server that allows negotiation with a 512-bit or smaller group. These connections include:
Secure Web (HTTPS)
Enterprise Wi-Fi (802.1X)
Secure e-mail (IMAP, POP, SMTP)
Printing servers (IPPS)
Is there already any existing known issue with this?
For info, I tested this from a factory-reset iPhone and Macbook Pro.
Thank you in advance for your help
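The Diffie-Hellman group that Apple's note refers to is sent by the server in the TLS ServerKeyExchange message, which in 802.1X travels inside the EAP-PEAP exchange. The following is an added example, not part of the original post or of any Aruba or Apple tooling: it measures the group size in such a message once it has been extracted from a capture. It assumes a DHE_* cipher suite (ECDHE uses a different layout); the function names and the sample messages are constructed for illustration.

```python
import struct

MIN_DH_BITS = 1024        # floor quoted from Apple's note in the post above
SERVER_KEY_EXCHANGE = 12  # TLS handshake message type (RFC 5246)

def _read_opaque16(buf, off):
    """Read a TLS opaque<1..2^16-1> vector: 2-byte length, then the value."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n

def dh_group_bits(handshake_msg):
    """Return the bit length of dh_p from a DHE ServerKeyExchange message."""
    if len(handshake_msg) < 4 or handshake_msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange handshake message")
    body_len = int.from_bytes(handshake_msg[1:4], "big")
    body = handshake_msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    # ServerDHParams is dh_p, dh_g, dh_Ys; the signature follows and is ignored.
    p, off = _read_opaque16(body, 0)
    _g, off = _read_opaque16(body, off)
    _ys, off = _read_opaque16(body, off)
    # bit_length() ignores any leading zero bytes in the encoded prime.
    return int.from_bytes(p, "big").bit_length()

def client_would_accept(handshake_msg, floor=MIN_DH_BITS):
    """True if the offered group meets the minimum size the client enforces."""
    return dh_group_bits(handshake_msg) >= floor

def build_sample(p_bits):
    """Constructed test message: p only has the right size, it is not a real prime."""
    p = ((1 << (p_bits - 1)) | 1).to_bytes((p_bits + 7) // 8, "big")
    g = b"\x02"
    ys = b"\x01" * len(p)
    body = b"".join(struct.pack("!H", len(v)) + v for v in (p, g, ys))
    body += b"\x00" * 8  # placeholder bytes where the signature would follow
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for bits in (512, 1024, 2048):
        msg = build_sample(bits)
        verdict = "accept" if client_would_accept(msg) else "reject"
        print(f"offered {dh_group_bits(msg)}-bit group -> {verdict}")
```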
07-10-2015 05:05 AM
07-10-2015 01:39 PM
07-10-2015 01:46 PM
The factory securelogin and instant.arubanetworks.com certificates are only 1024. Those should never be used in production. You should acquire your own certificate, 2048 or higher.
07-20-2015 10:04 AM
I am seeing the factory-provided certs as 2048... We actually use 2048-bit Thawte certs for our radius.
Is it safe to assume that Aruba will not field inquiries until IOS9 and OSX10.11 become official releases?
07-20-2015 10:06 AM
07-20-2015 10:20 AM
No, we terminate directly to the radius servers. We are seeing similar issues with the clients not able to stay connected to the AP / network. Not sure I want to put much effort into this at this time; I was just probing on the possible cert challenge as we just renewed the server certs