The supplicant in Windows 7 and newer support TLS 1.2 for the TLS-based EAP types offered such as EAP-PEAP if the machine is fully patched via Windows Update.
TLS 1.1 and 1.2 are disabled by default but can be enabled for you to test with. See the second More Information section of: https://support.microsoft.com/en-us/kb/2977292 The configuration of the TlsVersion DWORD in the registry is actually more granular than the KB article lets on as you actually get control of both the client and server version behaviour, it is not lumped together. The values map to the SP_PROT flags defined in schannel.h, documented online as part of the SCHANNEL_CRED structure under grbitEnabledProtocols. http://msdn.microsoft.com/en-gb/library/windows/desktop/aa379810.aspx SP_PROT_TLS1_SERVER 0x00000040 SP_PROT_TLS1_CLIENT 0x00000080 SP_PROT_TLS1_1_SERVER 0x00000100 SP_PROT_TLS1_1_CLIENT 0x00000200 SP_PROT_TLS1_2_SERVER 0x00000400 SP_PROT_TLS1_2_CLIENT 0x00000800 Regards, Nick _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
