Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Do Apple devices support TLS 1.2 for 802.1X?

  • 1.  Do Apple devices support TLS 1.2 for 802.1X?

    Posted Jan 09, 2017 07:33 AM

    This does not seem to be an Aruba issue but I'm hoping someone in this community might be able to help. I have already posted on Apple's discussion board (no help) and on Educause (no response).

    Our campus wireless system (which runs on AOS 6.4.4.8) implements PEAP - MSCHAPv2 on FreeRADIUS 3.0.11 for authentication. This is working very well now for over a year. But during this time I have been noticing that Apple devices initiate the TLS handshake with a "Client Hello" message that declares TLS 1.0. I have seen conflicting and confusing information about what version of TLS is supported by various versions of iOS and OS X. I have been monitoring this situation for about a year, expecting with each new Apple update that I would see the TLS handshake improve to TLS 1.2 but it never does.

    Tests with Android devices and Windows devices show that they declare for TLS 1.2 in their "Client Hello" message. This can be seen in both the FreeRADIUS logs and in packet captures at the OS. But tests with Macs using OS X 10.11 and with iPhones using iOS 10.2 show them declaring TLS 1.0.

    Yes, Safari uses TLS 1.2 when establishing an HTTPS connection and the WWDC 2016 emphasized Apple's support of TLS 1.2 and the importance of using 1.2. Yet I can find no evidence that Apple is supporting TLS 1.2 for 802.1X. Mysteriously enough, even though the "Client Hello" declares TLS 1.0, the offered cipher suites include some TLS 1.2 cipher suites, e.g. 0xc027 and 0xc028. But if FreeRADIUS is configured for ONLY TLS 1.2, as soon as it sees the "Client Hello" with 1.0, it sends an Access-Reject. This is not an issue about the security of 1.0 vs 1.2, this is an issue about why I do not see the latest Apple software implementing TLS 1.2 for 802.1X.

    I am fairly well-versed with the FR configuration options and issues, e.g. we have always used a DH group size of 2048 bits. So, while it is possible that I have a problem in my config, my best guess right now is that this is an issue that can only be resolved by Apple.

    If you are still with me, thank you. Does anyone see an Apple device using TLS 1.2 in any sort of 802.1X configuration? If so, would you be willing to talk with me off-line so I can understand why you see it and I don't? Or, does anyone have any information of reliable provenance stating what version of TLS Apple supports for 802.1X and why it doesn't support 1.2?



  • 2.  RE: Do Apple devices support TLS 1.2 for 802.1X?

    EMPLOYEE
    Posted Jan 09, 2017 08:13 AM

    Apple had plans to support 1.2 by default on OS X 10.11+ and iOS 9+, and many things broke when they enabled this, so they decided to push it out, and I haven't heard any additional rumblings of when they're going to make the switch again.

    It still doesn't explain why it fails when only 1.2 is available. I'm seeing 1.0 as well.



  • 3.  RE: Do Apple devices support TLS 1.2 for 802.1X?

    Posted Jan 10, 2017 12:13 PM

    Thank you for your reply. It seems unanimous: everybody sees TLS 1.0, nobody sees 1.2. Apparently even Apple's latest releases of iOS (10.2) and OS X (10.11) do not support TLS 1.2 for 802.1X. Just to summarize, when 802.1X uses a TLS handshake, Android and Windows support TLS 1.2, Apple only supports TLS 1.0. Apple is silent on this issue and there is no indication of when they will support TLS 1.2 for 802.1X.



  • 4.  RE: Do Apple devices support TLS 1.2 for 802.1X?

    Posted May 23, 2017 06:34 PM

    I've been testing iOS 10.3.2 to check the Client Hello sent by an iPhone 7 and it is still offering TLS 1.0. Using Windows 10 clients I had to trick the registry to force the use of TLS 1.2, but on an iOS device I don't know if that is possible.



  • 5.  RE: Do Apple devices support TLS 1.2 for 802.1X?

    Posted May 30, 2017 08:41 AM

    No, iOS 10.3.2 did not include a fix for TLS 1.2 for 802.1X. Apple devices support only TLS 1.0. I opened an issue with Apple's product security group on January 9, 2017, and followed up after 10.3.1 was released in April, but they still have no word on when they plan to fix this.



  • 6.  RE: Do Apple devices support TLS 1.2 for 802.1X?

    Posted Sep 20, 2017 12:24 PM

    With the release of iOS 11.0, Apple is now supporting TLS 1.2 for 802.1X. Attached is a screen capture from a Wireshark capture showing the TLS 1.2 Client Hello and the set of cipher suites offered.

    Attachment: AppleClientHello.pdf (PDF, 584 KB)
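The two things this thread is about, a Client Hello stamped TLS 1.0 that nevertheless lists TLS 1.2-only suites such as 0xc027 and 0xc028 (post 1), and the TLS 1.2 Client Hello seen in the Wireshark capture in post 6, can both be checked mechanically from the bytes of the Client Hello. The Python below is an added example, not code from the thread, from FreeRADIUS or from Apple. The hellos it builds are constructed test vectors, `TLS12_ONLY_SUITES` is a hand-picked subset of suites that only exist in TLS 1.2, and `server_decision` is a simplified model of a server's minimum-version rule rather than FreeRADIUS's actual negotiation code. In PEAP the TLS record is carried inside EAP-TLS fragments, so on a real capture you would feed the parser the reassembled TLS record, not the raw EAP packet.

```python
"""Inspect the TLS Client Hello a supplicant sends inside PEAP / EAP-TLS.

Added example (not from the thread). The hellos below are constructed test
vectors, not captures from real Apple, Android or Windows devices.
"""
import struct

TLS_VERSION_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                     0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

# Suites that are only defined for TLS 1.2 (SHA-256/384 PRF or AEAD). The first
# two are the ones the thread saw inside a TLS 1.0 Client Hello. Hand-picked subset.
TLS12_ONLY_SUITES = {
    0xC027,  # ECDHE-RSA-AES128-SHA256
    0xC028,  # ECDHE-RSA-AES256-SHA384
    0xC02F,  # ECDHE-RSA-AES128-GCM-SHA256
    0xC030,  # ECDHE-RSA-AES256-GCM-SHA384
}
EXT_SUPPORTED_VERSIONS = 0x002B


def build_client_hello(client_version, suites, supported_versions=None):
    """Serialise a minimal TLS record holding a ClientHello (constructed data)."""
    body = struct.pack("!H", client_version) + bytes(32)      # version + all-zero random
    body += b"\x00"                                          # empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                      # one compression method: null
    if supported_versions is not None:                       # TLS 1.3-style extension
        vs = b"".join(struct.pack("!H", v) for v in supported_versions)
        ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(vs) + 1) + bytes([len(vs)]) + vs
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record layer: content type 0x16 (handshake); clients usually stamp 0x0301 here.
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def parse_client_hello(record):
    """Return the versions and cipher suites advertised in a ClientHello record."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    client_version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                             # skip client random
    pos += 1 + body[pos]                                     # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                     # skip compression methods
    supported_versions = []
    if pos + 2 <= len(body):                                 # extensions block is optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if etype == EXT_SUPPORTED_VERSIONS:
                n = body[pos]
                supported_versions = [struct.unpack("!H", body[pos + 1 + i:pos + 3 + i])[0]
                                      for i in range(0, n, 2)]
            pos += elen
    # Up to TLS 1.2 the hello's client_version is the highest version offered;
    # with TLS 1.3 the supported_versions extension carries the real list.
    highest = max(supported_versions) if supported_versions else client_version
    return {
        "client_version": client_version,
        "highest_version": highest,
        "cipher_suites": suites,
        "offers_tls12_suites": any(s in TLS12_ONLY_SUITES for s in suites),
    }


def server_decision(info, minimum_version=0x0303):
    """Simplified model of a server whose lowest accepted version is `minimum_version`.

    The negotiated version can never exceed what the hello advertises, so a hello
    stamped TLS 1.0 is refused even when TLS 1.2-only suites are listed in it.
    """
    if info["highest_version"] >= minimum_version:
        return True, "accept: client offers %s" % TLS_VERSION_NAMES[info["highest_version"]]
    return False, "reject: client offers %s, server requires %s" % (
        TLS_VERSION_NAMES[info["highest_version"]], TLS_VERSION_NAMES[minimum_version])


if __name__ == "__main__":
    samples = [
        ("hello stamped TLS 1.0 with 1.2 suites", build_client_hello(0x0301, [0xC027, 0xC028, 0x002F])),
        ("hello stamped TLS 1.2", build_client_hello(0x0303, [0xC02F, 0xC027, 0x002F])),
        ("TLS 1.3-capable hello", build_client_hello(0x0303, [0x1301, 0xC02F], [0x0304, 0x0303])),
    ]
    for label, hello in samples:
        info = parse_client_hello(hello)
        print(label, "->", server_decision(info)[1],
              "| 1.2-only suites offered:", info["offers_tls12_suites"])
```

The first sample reproduces the situation from post 1: `offers_tls12_suites` is true, yet `server_decision` rejects it because the version field, not the suite list, bounds what the server may negotiate. Running the parser over the Client Hello from an iOS 11 capture (the second shape) gives an accept under the same TLS 1.2 minimum.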


  • 7.  RE: Do Apple devices support TLS 1.2 for 802.1X?

    Posted Sep 20, 2017 01:05 PM

    Thank you for the info!



  • 8.  RE: Do Apple devices support TLS 1.2 for 802.1X?

    EMPLOYEE
    Posted Sep 20, 2017 10:39 PM
    Yes, and the TLS version can now be set using a management profile.

