HostAPd 2.6 fails EAP authentication with OpenSSL 1.1

Thomas d'Otreppe tdotreppe at gmail.com
Sun Oct 29 13:46:33 PDT 2017


Hi,

Using HostAPd 2.6, compiled with OpenSSL 1.1 (1.1.0f-5) and Android
6.0 as client, EAP authentication fails with:
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
OpenSSL: openssl_handshake - SSL_connect error:1417D102:SSL
routines:tls_process_client_hello:unsupported protocol

Here is the complete log:

Configuration file: hostapd.conf
Using interface wlan0 with hwaddr d2:19:32:45:67:8e and ssid "hostapd"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
wlan0: STA a4:23:45:67:89:0a IEEE 802.11: authenticated
wlan0: STA a4:23:45:67:89:0a IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED a4:23:45:67:89:0a
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-STARTED a4:23:45:67:89:0a
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
OpenSSL: openssl_handshake - SSL_connect error:1417D102:SSL
routines:tls_process_client_hello:unsupported protocol
wlan0: CTRL-EVENT-EAP-FAILURE a4:23:45:67:89:0a
wlan0: STA a4:23:45:67:89:0a IEEE 802.1X: authentication failed - EAP
type: 0 (unknown)
wlan0: STA a4:23:45:67:89:0a IEEE 802.1X: Supplicant used different
EAP type: 25 (PEAP)
wlan0: STA a4:23:45:67:89:0a IEEE 802.11: deauthenticated due to local
deauth request


A similar issue affected Freeradius:
http://freeradius.1045715.n5.nabble.com/FreeRADIUS-3-0-15-fails-to-respond-with-TLS-1-0-Debian-testing-td5747111.html

The solution was to use SSL_CTX_set_max_proto_version and
SSL_CTX_set_min_proto_version as you can see on
https://github.com/FreeRADIUS/freeradius-server/commits/v3.0.x/src/main/tls.c
(anything on or after September 8 2017).

Best regards,

Thomas
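
A way to spot this failure in hostapd output, as an added example that is not part of the original post: the Python below re-joins the wrapped log lines and reports EAP failures that follow a TLS protocol-version alert. The function names are choices made for this example, and the embedded excerpt is copied from the log above.

```python
import re

# Lines that start a new hostapd record; anything else is a wrapped continuation.
RECORD_START = re.compile(r"^(?:[a-z]+\d+: |SSL: |OpenSSL: )")
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
# EAP method numbers seen in the log: 1 = Identity, 25 = PEAP.
EAP_NAMES = {1: "Identity", 25: "PEAP"}

# Excerpt of the log in the post, wrapped as it appears in the mail.
SAMPLE_LOG = """\
wlan0: CTRL-EVENT-EAP-STARTED a4:23:45:67:89:0a
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
OpenSSL: openssl_handshake - SSL_connect error:1417D102:SSL
routines:tls_process_client_hello:unsupported protocol
wlan0: CTRL-EVENT-EAP-FAILURE a4:23:45:67:89:0a
"""

def unwrap(text):
    """Re-join continuation lines onto the record they belong to."""
    records = []
    for line in text.splitlines():
        if records and line.strip() and not RECORD_START.match(line):
            records[-1] += " " + line.strip()
        elif line.strip():
            records.append(line.strip())
    return records

def find_tls_version_failures(text):
    """Return EAP failures that were preceded by a TLS protocol-version alert."""
    findings, sta, method, alert, err = [], None, None, False, None
    for rec in unwrap(text):
        if m := re.search(r"CTRL-EVENT-EAP-STARTED " + MAC, rec):
            sta, method, alert, err = m.group(1), None, False, None
        elif m := re.search(r"PROPOSED-METHOD vendor=\d+ method=(\d+)", rec):
            method = int(m.group(1))
        elif rec.startswith("SSL: ") and "fatal:protocol version" in rec:
            alert = True
        elif m := re.search(r"error:([0-9A-F]{8}):.*unsupported protocol", rec):
            err = m.group(1)
        elif m := re.search(r"CTRL-EVENT-EAP-FAILURE " + MAC, rec):
            if alert and m.group(1) == sta:
                findings.append({"sta": sta, "method": EAP_NAMES.get(method, str(method)),
                                 "openssl_error": err})
            alert, err = False, None
    return findings

if __name__ == "__main__":
    for finding in find_tls_version_failures(SAMPLE_LOG):
        print(finding)
```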
