Can't connec to PEAP anymore on current Ubuntu (2.10 built with openssl3)
seb128 at ubuntu.com
Wed Apr 6 02:54:03 PDT 2022
Thanks for your reply. I think the 2 launchpad reports I listed are
You are right that
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267 is an openssl
choice to disable unsecure configuration, the log in that case has
> OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL
routines::unsafe legacy renegotiation disabled
but https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1962541 seems a
different problem though, the log in that case seems to be
wpa_supplicant: SSL: SSL3 alert: write (local SSL3 detected an
wpa_supplicant: EAP: Status notification: local TLS alert
wpa_supplicant: SSL: (where=0x1002 ret=0xffffffff)
wpa_supplicant: SSL: SSL_connect:error in error
wpa_supplicant: OpenSSL: openssl_handshake - SSL_connect
error:0A0C0103:SSL routines::internal error
Which could also be an openssl issue but seems to not be the same as the
legacy renegotiation right?
Le 06/04/2022 à 03:15, Masashi Honma a écrit :
> Thanks for the detailed log.
> But I could not find out the way to avoid this issue by fixing wpa_supplicant.
> According to the comment
> adding this to /usr/lib/ssl/openssl.cnf fixes the issue.
> Options = UnsafeLegacyRenegotiation
> Since this workaround exists, the OpenSSL developers have decided that
> this bug wont be fixed.
> So, as Sebastien says, issue reporters need to encourage network
> administrators to use more secure settings.
> Masashi Honma.
> 2022年4月5日(火) 18:44 Sebastien Bacher<seb128 at ubuntu.com>:
>> Hey Masashi, thanks for the reply
>> Le 04/04/2022 à 09:35, Masashi Honma a écrit :
>>> Thanks for the logs.
>>> But I can not reproduce it yet.
>>> I tried with wpa_supplicant 2.10 package on the Ubuntu 22.04 beta.
>>> It can connect with EAP-PEAP and FreeRADIUS 3.0.25.
>>> I guess you are using -d option for wpa_supplicant.
>>> We can get more detailed log with more 'd's.
>>> Could you provide more detailed log with -ddddddddddd option ?
>> The reporter added a new log with more debug now
>> Hostap mailing list
>> Hostap at lists.infradead.org
More information about the Hostap