The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,

> Now, how would I find out if the server's cipher suites are only in the
> DHE_RSA family, or maybe even older and rejected by iOS since a longer
> time? I have no idea :-)

I still don't have an idea how to get this out of the console in
real-time, but I did find this:

https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/

At least for apps, Apple has gone TLS 1.2 and only cipher suites
supoprting Perfect Forward Secrecy with ECDHE.

For RADIUS servers/SSL implementations supporting only TLS 1.0 (and the
associated "ye olde" cipher suites, chances are good that iOS may just
say No.

Apparently this isn't generally true, because I know of many older
FreeRADIUS servers which cater for iOS 9 still (and after all, the EAP
supplicant isn't an "App" anyway), but it may be a game of having a
slightly different version of OpenSSL behind so that the one common
cipher suite exists or not.

Anyway... the solution path is clearly towards upgrading FreeRADIUS (and
maybe also openSSL if it is a cipher suite problem), and I don't think
it makes much more sense investigating this issue even more in-depth at
this point.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature