Ciphers for WPA3 Enterprise

Started by SteveK, March 01, 2023, 11:13:03 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 01, 2023, 11:13:03 AM
Hi,

I found this topic regarding the certificate to be used for RADIUS:

QuoteTo use WPA3 enterprise, the RADIUS servers must use one of the permitted EAP ciphers:

    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

Could someone please tell me, which options in the GUI for creating a server certificate reflect to these ciphers?

I would like to create such a server certificate for the RADIUS server in order to use it with a Unifi AP for setting up a WPA3 enterprise WLAN.

Thanks
March 01, 2023, 02:05:48 PM #1
Ciphers in TLS are negotiated between the two endpoints. X.509 certificates are signed by keys using different protocols. They are not the same thing.

See this table for an overview: https://en.wikipedia.org/wiki/Cipher_suite#Supported_algorithms

In general though, elliptic curves are better than RSA and with current compute power it pays to use the largest key and hash sizes available.

Bart...
March 02, 2023, 07:12:48 PM #2
Thanks for the feedback.

I thought that the certificates to be generated should fulfill kind of ciphers "requirements".
Print
Go Up Pages1
User actions