[pkg-wpa-devel] Bug#877904: EAP: TLS version too low
Gedalya
gedalya at gedalya.net
Fri Oct 6 23:42:42 UTC 2017
Package: wpa
Version: 2:2.6-4
OpenSSL 1.1.0f-5 will not by default negotiate a version of TLS lower
than 1.2.
I'm having an issue with EAP authentication that seems related to this.
With openssl 1.1.0f-3 installed:
wpa_supplicant[30538]: wlp3s0: SME: Trying to authenticate with xx:xx:..
(SSID='UPC Wi-Free' freq=2437 MHz)
wpa_supplicant[30538]: wlp3s0: Trying to associate with xx:xx:..
(SSID='UPC Wi-Free' freq=2437 MHz)
wpa_supplicant[30538]: wlp3s0: Associated with xx:xx:..
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication
started
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0
method=25
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method
25 (PEAP) selected
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=2
subject='/C=NL/O=Liberty Global Operations B.V./OU=Root
CA0001/CN=Liberty Global Root Certification Authority' hash=...
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=2
subject='/C=NL/O=Liberty Global Operations B.V./OU=Root
CA0001/CN=Liberty Global Root Certification Authority' hash=...
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=1
subject='/C=NL/O=Liberty Global Operations B.V./OU=HORIZON Service
Operator CA0001/CN=Liberty Global HORIZON Service Operator Certification
Authority' hash=...
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=0
subject='/C=NL/O=LGI/OU=HORIZON/CN=Liberty Global WiFi 0001' hash=...
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-ALT depth=0
DNS:wifi-auth.upc.biz
wpa_supplicant[30538]: EAP-MSCHAPV2: Authentication succeeded
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-SUCCESS EAP authentication
completed successfully
wpa_supplicant[30538]: EAPOL: Received IEEE 802.1X EAPOL-Key even though
this was not accepted - ignoring this packet
wpa_supplicant[30538]: wlp3s0: WPA: Key negotiation completed with
xx:xx:.. [PTK=CCMP GTK=TKIP]
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-CONNECTED - Connection to
xx:xx:.. completed [id=0 id_str=]
wpa_supplicant[30538]: EAPOL: Received IEEE 802.1X EAPOL-Key even though
this was not accepted - ignoring this packet
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-SIGNAL-CHANGE above=1
signal=-49 noise=9999 txrate=144400
With 1.1.0f-5 installed:
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-SSID-REENABLED id=0 ssid="UPC
Wi-Free"
wpa_supplicant[32704]: wlp3s0: SME: Trying to authenticate with xx:xx:..
(SSID='UPC Wi-Free' freq=2412 MHz)
wpa_supplicant[32704]: wlp3s0: Trying to associate with xx:xx:..
(SSID='UPC Wi-Free' freq=2412 MHz)
wpa_supplicant[32704]: wlp3s0: Associated with xx:xx:..
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication
started
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0
method=25
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method
25 (PEAP) selected
wpa_supplicant[32704]: SSL: SSL3 alert: write (local SSL3 detected an
error):fatal:protocol version
wpa_supplicant[32704]: OpenSSL: openssl_handshake - SSL_connect
error:1417118C:SSL routines:tls_process_server_hello:version too low
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication
failed
wpa_supplicant[32704]: wlp3s0: Authentication with xx:xx:.. timed out.
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-DISCONNECTED bssid=xx:xx:..
reason=3 locally_generated=1
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0
ssid="UPC Wi-Free" auth_failures=2 duration=37 reason=AUTH_FAILED
Related bug reports:
https://bugs.debian.org/875423
https://bugs.debian.org/871987
https://bugs.debian.org/873302
Regards,
Gedalya
More information about the Pkg-wpa-devel
mailing list