*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
--- Begin Message ---You guys rock! Your fast actions to user feature requests and general IT trends are amazing!Cheers, Alex On 2014-09-26 10:50, Sami Keski-Kasari wrote: > Hello all, > > we have now added RSA2048/SHA256 and ECDSA(curve secp256r1)/SHA256 test > certificates to Radiator 4.13 patches. > > RSA2048/SHA256 certificates requires OpenSSL that includes SHA2 in > SSL_library_init() or [1]. Please note that certificates are now longer > which means when using them, for example, with PEAP there will be more > EAP fragments. Some access points might have problems with them, so if > you have not yet adjusted EAPTLS_MaxFragmentSize you may need to do so. > > ECDSA(curve secp256r1)/SHA256 certificates require OpenSSL 1.0.0 or > newer. For ephemeral EC keying Radiator patch dated 2014-09-25 and > Net-SSLeay 1.58 or newer is required. This may be interesting for long > lived sessions, such as RadSec links. > > We have tested that Radiator supports ECDSA certificates in all SSL/TLS > related operations including RadSec, Diameter, PEAP, EAP-TTLS, EAP-TLS, etc. > > Client support for ECDSA certificates seems to be widely available. > Mobile platforms such as Android version starting 4.1.2, iOS7/8 and WP8 > support ECDSA certificates according to our tests. Windows 7 and modern > Linux based distributions seem to be working also. > > If you are encountering fragmentation problems with RSA2048/SHA256 > certificates, ECDSA certificates might be a worth trying as they are > significantly shorter. > > Configuration examples for EAPs, RadSec, Diameter, etc. will be updated > today. > > [1] SHA-256 support can be made to work with Net-SSLeay 1.46 which > supports OpenSSL_add_all_algorithms() and a one line addition to > Radiator to call this function. > > Best Regards, > Sami >
0x4533A0A1.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
--- End Message ---
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator