With the release of iOS 11, TLS 1.2 is now the default for EAP-TLS negotiation. This may cause an issue with older clients that still need to connect on TLS 1.0 or 1.1. Apple provides a way to override this default setting with a configuration profile sent down to the device via MDM. To ensure your iOS devices maintain their Wi-Fi connection when upgrading to iOS 11, please follow the steps below:
Note: If you already have a successfully deployed iOS Wi-Fi profile with EAP-TLS configured, skip to step 3.
1. Create a new profile with a Wi-Fi payload using EAP-TLS and a General payload configured.
2. Ensure that the profile successfully configures Wi-Fi on an iOS device.
3. From your profile list view, select the Wi-Fi profile with EAP-TLS that you created and choose to view XML.
4. Export or copy the XML of the profile.
5. Edit the XML to remove everything prior to the first <dict> and after its corresponding </dict>.
6. Edit the XML again to add the following bolded key/values (accepted values are 1.0, 1.1, and 1.2). These should be a part of the EAPClientConfiguration key.
7. Edit the XML a final time to create a unique identifier for the payload. Locate the PayloadUUID key and replace the characters shown as 'X's with random values. Please ensure these values are as random as possible to avoid issues with duplicate identifiers (e.g. 123456, 111111, 101010).
8. Create another new profile and configure the General payload.
9. Paste your edited XML into the Custom Settings payload and publish to devices.
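
The XML edits described in the steps above can be scripted so they are applied the same way every time. The following Python code is an added example, not part of the original article or of any vendor tooling: it takes the trimmed payload <dict>, sets the TLS bounds inside EAPClientConfiguration, and replaces PayloadUUID with a random UUID. The key names TLSMinimumVersion and TLSMaximumVersion are taken from Apple's configuration profile reference rather than from this page, and the sample payload (SSID and EAP settings) is constructed for illustration.

```python
import plistlib
import uuid

ACCEPTED = ("1.0", "1.1", "1.2")  # values the article lists as accepted

# Constructed sample: a Wi-Fi payload <dict> as it looks after the trimming step.
SAMPLE_FRAGMENT = b"""<dict>
  <key>PayloadType</key><string>com.apple.wifi.managed</string>
  <key>PayloadUUID</key><string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
  <key>SSID_STR</key><string>ExampleCorp</string>
  <key>EncryptionType</key><string>WPA2</string>
  <key>EAPClientConfiguration</key>
  <dict>
    <key>AcceptEAPTypes</key><array><integer>13</integer></array>
  </dict>
</dict>"""


def set_eap_tls_versions(fragment: bytes, minimum: str, maximum: str) -> str:
    """Return the payload <dict> with TLS bounds set and a fresh PayloadUUID."""
    if minimum not in ACCEPTED or maximum not in ACCEPTED:
        raise ValueError(f"TLS version must be one of {ACCEPTED}")
    if ACCEPTED.index(minimum) > ACCEPTED.index(maximum):
        raise ValueError("minimum TLS version is higher than maximum")

    # plistlib expects a <plist> root, so wrap the bare <dict> before parsing.
    payload = plistlib.loads(b'<plist version="1.0">' + fragment + b"</plist>")
    eap = payload.get("EAPClientConfiguration")
    if not isinstance(eap, dict):
        raise ValueError("payload has no EAPClientConfiguration dictionary")

    # Key names per Apple's Wi-Fi payload reference (assumption: not shown on
    # this page); the values are strings, not numbers.
    eap["TLSMinimumVersion"] = minimum
    eap["TLSMaximumVersion"] = maximum
    # uuid4 draws 122 random bits, which avoids hand-typed duplicate identifiers.
    payload["PayloadUUID"] = str(uuid.uuid4()).upper()

    xml = plistlib.dumps(payload, sort_keys=False).decode("utf-8")
    # Keep only the outer <dict>...</dict>, the part pasted into Custom Settings.
    return xml[xml.index("<dict>"): xml.rindex("</dict>") + len("</dict>")]


if __name__ == "__main__":
    print(set_eap_tls_versions(SAMPLE_FRAGMENT, "1.0", "1.2"))
```

Set the minimum only as low as the oldest RADIUS peer requires, and review the output before publishing it.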