• State Resolved
  • Locked Locked
  • Replies 6 replies
  • Subscribers 39 subscribers
  • Views 1262 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3100: Is Enterprise Wifi EAP - TLS v1.2 supported ?

Benjamin Olivier
Prodigy 135 points
Part Number: CC3100


Hello,

I've set up an enterprise wifi network using freeradius and managed to connect the CC3100 successfully to it. I've noticed that the TLS version used during the authentication is 1.0 according to the freeradius logs.

I then tried to configure the radius server to only accept TLS1.2 during authentication to check if the device would accept it, but the CC3100 doesn't seem to be willing to authenticate using TLS1.2, and the authentication fails due to the TLS version, according to freeradius logs.

On the other hand I'm also doing secured socket communication using TLS, using SL_SO_SEC_METHOD_SSLv3_TLSV1_2. This suggests that the TLS1.2 is supported by the CC3100 but I may be missing something here.

Is there a way to make the CC3100 accept a TLS1.2 Enterprise wifi authentication ?

Thanks in advance,

Best regards,

Benjamin

  • 0
    TI__Expert 8255 points
    Hi Benjamin,

    Are you sure the radius server was configured for TLS1.2 correctly? One other option you could try is: SL_SO_SEC_METHOD_TLSV1_2, though it may lead to the same result.

    When you were successfully connected with the TLS 1.0 configuration did you set the method to SL_SO_SEC_METHOD_TLSV1?
  • 0 in reply to Austin Tanner
    Prodigy 135 points

    Hi Austin,

    Thanks for your answer.

    I believe my radius server is okay as I can connect a macbook pro to it and can see that the TLS1.2 is used properly.

    To configure the WLAN I just set the SL_ENT_EAP_METHOD_TLS method among those, defined in wlan.h :

    • SL_ENT_EAP_METHOD_TLS
    • SL_ENT_EAP_METHOD_TTLS_TLS
    • SL_ENT_EAP_METHOD_TTLS_MSCHAPv2
    • SL_ENT_EAP_METHOD_TTLS_PSK
    • SL_ENT_EAP_METHOD_PEAP0_TLS
    • SL_ENT_EAP_METHOD_PEAP0_MSCHAPv2
    • SL_ENT_EAP_METHOD_PEAP0_PSK
    • SL_ENT_EAP_METHOD_PEAP1_TLS
    • SL_ENT_EAP_METHOD_PEAP1_MSCHAPv2
    • SL_ENT_EAP_METHOD_PEAP1_PSK
    • SL_ENT_EAP_METHOD_FAST_AUTH_PROVISIONING
    • SL_ENT_EAP_METHOD_FAST_UNAUTH_PROVISIONING
    • SL_ENT_EAP_METHOD_FAST_NO_PROVISIONING

    Is there any way to precise the TLS version to be used ?

    Note that ideally in my case the CC3100 would accept to use TLS1.0, TLS1.1 or TLS1.2 depending on the radius server it's talking to.

    Thanks again for your support,

    Best regards,

    Benjamin


  • 0 in reply to Benjamin Olivier
    Prodigy 135 points
    Hi,

    Any news in regards to this subject ?

    Thanks for your support,
    Best regards,
    Benjamin
  • 0 in reply to Benjamin Olivier
    TI__Expert 8255 points
    Hi Benjamin,

    Just to confirm, among the SL_ENT_EAP_METHOD_TLS you listed above have you also attempted with:

    SL_ENT_EAP_METHOD_TTLS_TLS
    SL_ENT_EAP_METHOD_PEAP0_TLS
    SL_ENT_EAP_METHOD_PEAP1_TLS

    In the meantime, let me confirm if this is a device limitation.
  • 0 in reply to Austin Tanner
    TI__Expert 8255 points
    Hi Benjamin,

    Thanks for your patience. The initial feedback I've received is that Gen 1 is limited to supporting TLS1.0.
  • 0 in reply to Austin Tanner
    Prodigy 135 points
    Hi Austin,

    Ok noted, thanks for your help.

    Best regards,
    Benjamin