Secure Open Wireless Access is not supported in OS X Lion

Number:rdar://9949957 Date Originated:2011-08-13
Status:Open Resolved:
Product:OS X Lion Product Version:10.7
Classification:Important Reproducible:Always
13-Aug-2011 05:31 PM Francois Proulx:
Secure Open Wireless Access (based on 802.1X EAP-TLS anonymous) has been presented by IBM at BlackHat 2011 ( The proof of concept currently works on OS X Lion (as well as Windows and Linux), but the GUI in OS X forces the user to choose a client certificate. The supplicant should be able to notice that the RADIUS server did not ask for the certificate_request message in the EAP tunnel. The GUI should be changed so that, in effect, it behaves the same way the normal Open Wireless network work (click the network and it connects). Although, it would be good to create a new iconography (a new kind of padlock icon to differentiate between WPA w/ authentication and WPA anonymous).

Proof of concept code is available



Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!