wpa_supplicant 2.4 / 2.5 Openssl TLS-PRF Problem

Jouni Malinen j at w1.fi
Fri Apr 1 03:34:18 PDT 2016

On Fri, Apr 01, 2016 at 11:37:40AM +0200, Thomas Rosenstein wrote:
> OpenSSL Version is 1.0.1k-fips 8 Jan 2015 from Fedora 22.
> Any idea which version they changed it?

The issue I was thinking of was fixed with this commit:

It was present in OpenSSL 1.0.1f but should be fixed in 1.0.1h and I'd
assume that would include 1.0.1k in Fedora if that really is based on
1.0.1k and not just some important fixes being pulled into an earlier
snapshot. I think this issue is still present in the Ubuntu 14.04
package for example, but that is identified as 1.0.1f-1ubuntu2.18.

So if it is not that one, then something else.. Which TLS cipher suite
are you using here and what kind of X.509 certificate(s) (mainly, the
signature algorithms)? Please note that the hash function changes and
the wpa_supplicant implementation of the internal key derivation does
not support this correctly for some cases (which is one of the reason
for that use of SSL_export_keying_material() being used in the first

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list