*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be
privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
--- Begin Message ---
You guys rock!
Your fast actions to user feature requests and general IT trends are
amazing!
Cheers, Alex
On 2014-09-26 10:50, Sami Keski-Kasari wrote:
> Hello all,
>
> we have now added RSA2048/SHA256 and ECDSA(curve secp256r1)/SHA256 test
> certificates to Radiator 4.13 patches.
>
> RSA2048/SHA256 certificates requires OpenSSL that includes SHA2 in
> SSL_library_init() or [1]. Please note that certificates are now longer
> which means when using them, for example, with PEAP there will be more
> EAP fragments. Some access points might have problems with them, so if
> you have not yet adjusted EAPTLS_MaxFragmentSize you may need to do so.
>
> ECDSA(curve secp256r1)/SHA256 certificates require OpenSSL 1.0.0 or
> newer. For ephemeral EC keying Radiator patch dated 2014-09-25 and
> Net-SSLeay 1.58 or newer is required. This may be interesting for long
> lived sessions, such as RadSec links.
>
> We have tested that Radiator supports ECDSA certificates in all SSL/TLS
> related operations including RadSec, Diameter, PEAP, EAP-TTLS, EAP-TLS, etc.
>
> Client support for ECDSA certificates seems to be widely available.
> Mobile platforms such as Android version starting 4.1.2, iOS7/8 and WP8
> support ECDSA certificates according to our tests. Windows 7 and modern
> Linux based distributions seem to be working also.
>
> If you are encountering fragmentation problems with RSA2048/SHA256
> certificates, ECDSA certificates might be a worth trying as they are
> significantly shorter.
>
> Configuration examples for EAPs, RadSec, Diameter, etc. will be updated
> today.
>
> [1] SHA-256 support can be made to work with Net-SSLeay 1.46 which
> supports OpenSSL_add_all_algorithms() and a one line addition to
> Radiator to call this function.
>
> Best Regards,
> Sami
>
0x4533A0A1.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
--- End Message ---
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
