Skip to Content.

geteduroam - Re: Findings

Subject: An open discussion list for topics related to the geteduroam service

List archive

Re: Findings

Chronological Thread 
  • From: Paul Dekkers <paul.dekkers AT>
  • To: Wenche Backman-Kamila <wenche.backman-kamila AT>, geteduroam AT
  • Subject: Re: Findings
  • Date: Fri, 12 Mar 2021 13:13:35 +0100
  • Arc-authentication-results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VdOe/E8DqtLQr3wrVAUSCCUcJnw4FaUgLmB9PC5LZAo=; b=IgQhlcQ4pX25OiwN/piD9wn/eqA00Q9PtFmBrgvmTbRQFpKGXpv4h2inq/fj2jzf0pQ3eRsOdaGgXlluxsg1neUiweThvqig7eeOXQ1FnKO46pxrQpH+fyyTrSFZf+mvcNmDzwmqYEWqoCN8maDyKwhE9UIuuIvbJRztEupzvT8Tpsk4cR9oejrPcb0gkgxHkyZAYEMKfhKqklR1zqaSrf9t/P/uKjncuwi5FSKiiZFPSWz52e2PcujqcHrNC7a+NJ/nDVC1TwqND3YA/UrAG9XVcLPcNhztMin4squYfEa7m/E4aRQ3UUeYWRH3nboWJMt82tK6FYUX33Vs+XFz3A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=ISEaP48U4jR1DO0EYubdmva2uevvoBapKY8bgCJeG+jMdhqE4DlKB8QYLLm7NJHVOF9KOWDuB6K+jt7SJqCNNAcY7cSF6mn9DAw8TGHPEcliJjSyObuElbWf58YTefk0usVopYbzC4ubvTUyNVZK4VpUbqAHtuWS01Mq81yuvdcl6rqyWgo7B6E8RMOnYo2NVVrA7kMmiR7s3XQQ2OBT03ITEPKonaaPJEeKjGp/NYkLzQ2aVCceaDAQex86B3RkWlGDUUoimuRO8N9SbVl3OdKtTwTie94R1lpwzrMYWWMofpP6zMw67ZgiQ2q1Hj4LbogJzRBo6ZejKy8C09HHBQ==
  • Authentication-results:; dkim=none (message not signed) header.d=none;; dmarc=none action=none;

Hi Wenche,

@list; for people that are unaware of the "hosted version" Wenche is talking about, this hasn't been advertised here yet (I think) but a bit more can be found at:

Basically, it allows you to connect an eduGAIN IdP to a hosted version of a pseudo-account service for geteduroam (comparable to and complementing the managed IdP, with eduroam credential creation based on eduGAIN authentication instead of invites).

On 12/03/2021 12:03, Wenche Backman-Kamila wrote:
1294031521.7589101.1615546999290.JavaMail.zimbra AT">

While taking geteduroam into use we'd like to report the following:

- You seem to use old crypto (CBC) for ''. Is it possible to support also modern GCM crypto. We had to make an exception for this entity ID to make it work, but it works now.

Of course! We do support GCM, but *also* CBC, I think that's where the problem is? Do you have a pointer to eduGAIN guidelines for this, if there are any? I wasn't aware about a requirement.

And I'm afraid I looked no further than the A+ rating of ssllabs that we already had ;-) We still are A+, but with less ciphers. Hope this works out better.

1294031521.7589101.1615546999290.JavaMail.zimbra AT">
- CSC has been added to the institution list on Windows 10, but I cannot see CSC in the institution list in Android 10 (tested with both Samsung and Motorola). How come?

We actually improved the metadata creation very recently to reduce stale sessions in cache; I myself see CSC (with 2 profiles) on Android. Don't you?


  • Findings, Wenche Backman-Kamila, 03/12/2021
    • Re: Findings, Paul Dekkers, 03/12/2021

Archive powered by MHonArc 2.6.19.

Top of Page