Microsoft NPS, TLS 1.2, older MRs. Trying to clear up some confusion.
So we're having hit or miss experience recently.
If I am understanding this correctly Windows 10(22H2) / 11 are now defaulting to TLS 1.2 (or maybe even 1.3) and this is causing authentication issues when communicating/trying to auth with the old RADIUS server.
It seems I can just add the reg key to force the server to use TLS 1.2 but the MRs themselves dont support TLS 1.2. Does that affect clients as well or does that only affect the RADIUS Testing the MR does (theres a checkbox for this)
Am I safe to enable TLS 1.2 on the server side to resolve Windows client issues or do I have to force Windows Client to use 1.0 (via a GPO or MDM) or replace MRs?
For “real” authentication the MR just forwards the TLS communication that is encapsulated in EAP between the client (supplicant) and the NPS (authentication server). The MR (authenticator) does not need to understand this communication.
For “real” authentication the MR just forwards the TLS communication that is encapsulated in EAP between the client (supplicant) and the NPS (authentication server). The MR (authenticator) does not need to understand this communication.
Get notified when there are additional replies to this discussion.
