Author Topic: Ciphers for WPA3 Enterprise (Read 792 times)

SteveK · « **on:** March 01, 2023, 11:13:03 am »

Hi,

I found this topic regarding the certificate to be used for RADIUS:

Quote

To use WPA3 enterprise, the RADIUS servers must use one of the permitted EAP ciphers:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

Could someone please tell me, which options in the GUI for creating a server certificate reflect to these ciphers?

I would like to create such a server certificate for the RADIUS server in order to use it with a Unifi AP for setting up a WPA3 enterprise WLAN.

Thanks

bartjsmit · « **Reply #1 on:** March 01, 2023, 02:05:48 pm »

Ciphers in TLS are negotiated between the two endpoints. X.509 certificates are signed by keys using different protocols. They are not the same thing.

See this table for an overview: https://en.wikipedia.org/wiki/Cipher_suite#Supported_algorithms

In general though, elliptic curves are better than RSA and with current compute power it pays to use the largest key and hash sizes available.

Bart...

SteveK · « **Reply #2 on:** March 02, 2023, 07:12:48 pm »

Thanks for the feedback.

I thought that the certificates to be generated should fulfill kind of ciphers "requirements".

Author Topic: Ciphers for WPA3 Enterprise (Read 792 times)

SteveK

Ciphers for WPA3 Enterprise

bartjsmit

Re: Ciphers for WPA3 Enterprise

SteveK

Re: Ciphers for WPA3 Enterprise