[pkg-wpa-devel] Bug#877904: EAP: TLS version too low

Gedalya gedalya at gedalya.net
Fri Oct 6 23:42:42 UTC 2017


Package: wpa
Version: 2:2.6-4

OpenSSL 1.1.0f-5 will not by default negotiate a version of TLS lower 
than 1.2.
I'm having an issue with EAP authentication that seems related to this.

With openssl 1.1.0f-3 installed:

wpa_supplicant[30538]: wlp3s0: SME: Trying to authenticate with xx:xx:.. 
(SSID='UPC Wi-Free' freq=2437 MHz)
wpa_supplicant[30538]: wlp3s0: Trying to associate with xx:xx:.. 
(SSID='UPC Wi-Free' freq=2437 MHz)
wpa_supplicant[30538]: wlp3s0: Associated with xx:xx:..
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication 
started
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 
method=25
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 
25 (PEAP) selected
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=2 
subject='/C=NL/O=Liberty Global Operations B.V./OU=Root 
CA0001/CN=Liberty Global Root Certification Authority' hash=...
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=2 
subject='/C=NL/O=Liberty Global Operations B.V./OU=Root 
CA0001/CN=Liberty Global Root Certification Authority' hash=...
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=1 
subject='/C=NL/O=Liberty Global Operations B.V./OU=HORIZON Service 
Operator CA0001/CN=Liberty Global HORIZON Service Operator Certification 
Authority' hash=...
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=0 
subject='/C=NL/O=LGI/OU=HORIZON/CN=Liberty Global WiFi 0001' hash=...
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-ALT depth=0 
DNS:wifi-auth.upc.biz
wpa_supplicant[30538]: EAP-MSCHAPV2: Authentication succeeded
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-SUCCESS EAP authentication 
completed successfully
wpa_supplicant[30538]: EAPOL: Received IEEE 802.1X EAPOL-Key even though 
this was not accepted - ignoring this packet
wpa_supplicant[30538]: wlp3s0: WPA: Key negotiation completed with 
xx:xx:.. [PTK=CCMP GTK=TKIP]
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-CONNECTED - Connection to 
xx:xx:.. completed [id=0 id_str=]
wpa_supplicant[30538]: EAPOL: Received IEEE 802.1X EAPOL-Key even though 
this was not accepted - ignoring this packet
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-SIGNAL-CHANGE above=1 
signal=-49 noise=9999 txrate=144400


With 1.1.0f-5 installed:

wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-SSID-REENABLED id=0 ssid="UPC
Wi-Free"
wpa_supplicant[32704]: wlp3s0: SME: Trying to authenticate with xx:xx:..
(SSID='UPC Wi-Free' freq=2412 MHz)
wpa_supplicant[32704]: wlp3s0: Trying to associate with xx:xx:..
(SSID='UPC Wi-Free' freq=2412 MHz)
wpa_supplicant[32704]: wlp3s0: Associated with xx:xx:..
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication
started
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0
method=25
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method
25 (PEAP) selected
wpa_supplicant[32704]: SSL: SSL3 alert: write (local SSL3 detected an
error):fatal:protocol version
wpa_supplicant[32704]: OpenSSL: openssl_handshake - SSL_connect
error:1417118C:SSL routines:tls_process_server_hello:version too low
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication
failed
wpa_supplicant[32704]: wlp3s0: Authentication with xx:xx:.. timed out.
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-DISCONNECTED bssid=xx:xx:..
reason=3 locally_generated=1
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0
ssid="UPC Wi-Free" auth_failures=2 duration=37 reason=AUTH_FAILED

Related bug reports:

https://bugs.debian.org/875423
https://bugs.debian.org/871987
https://bugs.debian.org/873302

Regards,

Gedalya



More information about the Pkg-wpa-devel mailing list