OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: SteveK on March 01, 2023, 11:13:03 AM

Title: Ciphers for WPA3 Enterprise
Post by: SteveK on March 01, 2023, 11:13:03 AM
Hi,

I found this topic regarding the certificate to be used for RADIUS:

Quote: To use WPA3 enterprise, the RADIUS servers must use one of the permitted EAP ciphers:

    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

Could someone please tell me which options in the GUI for creating a server certificate correspond to these ciphers?

I would like to create such a server certificate for the RADIUS server in order to use it with a Unifi AP for setting up a WPA3 enterprise WLAN.

Thanks
Title: Re: Ciphers for WPA3 Enterprise
Post by: bartjsmit on March 01, 2023, 02:05:48 PM
Ciphers in TLS are negotiated between the two endpoints. X.509 certificates are signed by keys using different protocols. They are not the same thing.

See this table for an overview: https://en.wikipedia.org/wiki/Cipher_suite#Supported_algorithms

In general though, elliptic curves are better than RSA and with current compute power it pays to use the largest key and hash sizes available.

Bart...
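
How the quoted suite names relate to the server certificate, as an added example that is not part of the original posts: in a TLS 1.2 suite name only the authentication part (RSA or ECDSA) constrains the certificate's key type, while the remaining parts are negotiated by the TLS endpoints. The function names and the cert_key field are hypothetical, and the parser accepts RSA- and ECDSA-authenticated TLS 1.2 names beyond the three listed.

```python
import re

# The three suites quoted in the thread as permitted for WPA3 Enterprise.
PERMITTED = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
]

# TLS 1.2 naming: TLS_<key exchange>[_<authentication>]_WITH_<cipher>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx_auth>[A-Z0-9_]+?)_WITH_(?P<cipher>[A-Z0-9_]+)_(?P<hash>[A-Z0-9]+)$"
)


def parse_suite(name):
    """Split a certificate-authenticated TLS 1.2 suite name into its parts."""
    m = SUITE_RE.match(name)
    if m is None:
        # TLS 1.3 names such as TLS_AES_256_GCM_SHA384 have no _WITH_ part:
        # they do not encode key exchange or authentication at all.
        raise ValueError(f"not a TLS 1.2 certificate-authenticated suite: {name}")
    kx, _, auth = m["kx_auth"].partition("_")
    auth = auth or kx  # TLS_RSA_WITH_... uses RSA for both roles
    if auth not in ("RSA", "ECDSA"):
        raise ValueError(f"authentication {auth!r} is outside this example")
    return {
        "key_exchange": kx,      # negotiated; not a certificate property
        "cert_key": auth,        # key type the server certificate must carry
        "cipher": m["cipher"],   # negotiated bulk cipher
        "hash": m["hash"],       # handshake PRF/MAC hash, independent of the
    }                            # hash used to sign the certificate


def usable_suites(cert_key_type, permitted=PERMITTED):
    """Permitted suites a server holding this certificate key type can offer."""
    return [s for s in permitted if parse_suite(s)["cert_key"] == cert_key_type]


if __name__ == "__main__":
    for key_type in ("RSA", "ECDSA"):
        print(key_type, "certificate ->", usable_suites(key_type))
```
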
Title: Re: Ciphers for WPA3 Enterprise
Post by: SteveK on March 02, 2023, 07:12:48 PM
Thanks for the feedback.

I thought that the certificates to be generated had to fulfill some kind of cipher "requirements".