mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-02-20 02:53:03 -05:00
870dfe9932
FreeRADIUS releases before 1.1.4 did not send MS-CHAP2-Success in EAP-TTLS/MSCHAPv2. A wpa_supplicant workaround for that was added in 2005 and it has been enabled by default to avoid interoperability issues. This could be disabled with all other EAP workarounds (eap_workaround=0). However, that will disable some workarounds that are still needed with number of authentication servers. Old FreeRADIUS versions should not be in use anymore, so it makes sense to remove this EAP-TTLS/MSCHAPv2 workaround completely to get more complete validation of server behavior. This allows MSCHAPv2 to verify that the server knows the password instead of relying only on the TLS certificate validation. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>