wpa_supplicant: DH prime sent by server is too short

Jouni Malinen j
Thu Nov 6 23:27:49 PST 2008


On Thu, Nov 06, 2008 at 11:10:13AM -0600, Philip M. White wrote:

> I've been using wpa_supplicant 0.5.7 at my university (with EAP-PEAP) with few
> minor problems.  My laptop has an Intel 4965 wireless adapter, and I'm using
> the latest iwlwifi firmware with kernel 2.6.27.  After upgrading to
> wpa_supplicant 0.6.4, I'm no longer able to complete the 802.1x authentication
> at all.

Where did you get this wpa_supplicant builds? Binary packages from a
distribution? Your own builds? Do you know whether the 0.5.7 build was
using OpenSSL as the TLS library and the 0.6.4 build GnuTLS?

> I've captured the output in debug mode:
> http://www.qnan.org/~pmw/bug_reports/wpa_supplicant/0.6.4-utdallas.out
> 
> Seemingly the most important lines are 239-240:
> tls_connection_handshake - gnutls_handshake failed -> The Diffie Hellman prime sent by the server is not acceptable (not long enough).

It looks like a security validation in GnuTLS is rejecting the server
parameters for Diffie-Hellman as too insecure. Recommended fix for this
would be to make the authentication server use longer Diffie-Hellman
prime, but that may not be feasible option for you. If you saw this
working earlier with OpenSSL as the TLS library, that would be another
option to work aorund the authentication problem. It should also be
possible to change the GnuTLS wrapper to allow shorter Diffie-Hellman
keys, but I don't think I would like to do that in the release packages
because of potential for reduced security.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list