We have detected a number of issues in the Eduroam service with the
latest Windows 11 22H2 that are related with the newly
enabled-by-default usage of TLS v1.3 for EAP-TTLS and PEAP. This
problems have been detected by other Eduroam providers:
https://lists.geant.org/sympa/arc/cat-users/2022-10/msg00040.html
It seems that only the newest Freeradius v3.0.26 and v3.2.0+ support TLS
v1.3 correctly and since Windows 11 22H2 has now enabled TLS v1.3 by
default also for EAP-TTLS and PEAP, the issue started emerging and
diffusing quickly as the Windows update started being rolled out to users.
So this is becoming a big issue for those Eduroam providers that run
Freeradius on Debian and it would be great to have the 3.0.26 necessary
patches migrated to the stable package.
Thanks in advance.
Kind regards,
--
Rafael Varela Pet
Subdirector de Infraestructuras
Área de Tecnoloxías da Información e Comunicacións
Universidade de Santiago de Compostela
15782 Santiago de Compostela
https://www.usc.gal/atic
