Can't connec to PEAP anymore on current Ubuntu (2.10 built with openssl3)

Sebastien Bacher seb128 at
Wed Apr 6 02:54:03 PDT 2022

Hey Masashi,

Thanks for your reply. I think the 2 launchpad reports I listed are 
different issues.

You are right that is an openssl 
choice to disable unsecure configuration, the log in that case has

>  OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL 
routines::unsafe legacy renegotiation disabled

but seems a 
different problem though, the log in that case seems to be

wpa_supplicant[838]: SSL: SSL3 alert: write (local SSL3 detected an 
error):fatal:internal error
wpa_supplicant[838]: EAP: Status notification: local TLS alert 
(param=internal error)
wpa_supplicant[838]: SSL: (where=0x1002 ret=0xffffffff)
wpa_supplicant[838]: SSL: SSL_connect:error in error
wpa_supplicant[838]: OpenSSL: openssl_handshake - SSL_connect 
error:0A0C0103:SSL routines::internal error

Which could also be an openssl issue but seems to not be the same as the 
legacy renegotiation right?


Le 06/04/2022 à 03:15, Masashi Honma a écrit :
> Thanks for the detailed log.
> But I could not find out the way to avoid this issue by fixing wpa_supplicant.
> According to the comment
> adding this to /usr/lib/ssl/openssl.cnf fixes the issue.
> [system_default_sect]
> Options = UnsafeLegacyRenegotiation
> Since this workaround exists, the OpenSSL developers have decided that
> this bug wont be fixed.
> So, as Sebastien says, issue reporters need to encourage network
> administrators to use more secure settings.
> Regards,
> Masashi Honma.
> 2022年4月5日(火) 18:44 Sebastien Bacher<seb128 at>:
>> Hey Masashi, thanks for the reply
>> Le 04/04/2022 à 09:35, Masashi Honma a écrit :
>>> Thanks for the logs.
>>> But I can not reproduce it yet.
>>> I tried with wpa_supplicant 2.10 package on the Ubuntu 22.04 beta.
>>> It can connect with EAP-PEAP and FreeRADIUS 3.0.25.
>>> I guess you are using -d option for wpa_supplicant.
>>> We can get more detailed log with more 'd's.
>>> Could you provide more detailed log with -ddddddddddd option ?
>> The reporter added a new log with more debug now
>> Cheers
>> _______________________________________________
>> Hostap mailing list
>> Hostap at

More information about the Hostap mailing list