Can't connect to PEAP anymore on current Ubuntu (2.10 built with openssl3)

Sebastien Bacher seb128 at ubuntu.com
Wed Apr 6 02:54:03 PDT 2022


Hey Masashi,

Thanks for your reply. I think the 2 launchpad reports I listed are 
different issues.

You are right that
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267 is an openssl
choice to disable insecure configuration, the log in that case has

>  OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL routines::unsafe legacy renegotiation disabled


but https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1962541 seems a 
different problem though, the log in that case seems to be

wpa_supplicant[838]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
wpa_supplicant[838]: EAP: Status notification: local TLS alert (param=internal error)
wpa_supplicant[838]: SSL: (where=0x1002 ret=0xffffffff)
wpa_supplicant[838]: SSL: SSL_connect:error in error
wpa_supplicant[838]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error


Which could also be an openssl issue but seems to not be the same as the
legacy renegotiation, right?

Cheers,
Sebastien

On 06/04/2022 at 03:15, Masashi Honma wrote:
> Thanks for the detailed log.
> But I could not find out the way to avoid this issue by fixing wpa_supplicant.
>
> According to the comment
> https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267/comments/11,
> adding this to /usr/lib/ssl/openssl.cnf fixes the issue.
>
> [system_default_sect]
> Options = UnsafeLegacyRenegotiation
>
> Since this workaround exists, the OpenSSL developers have decided that
> this bug won't be fixed.
> https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1963834/comments/8
>
> So, as Sebastien says, issue reporters need to encourage network
> administrators to use more secure settings.
> https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267/comments/13
>
> Regards,
> Masashi Honma.
>
> On Tue, Apr 5, 2022 at 18:44, Sebastien Bacher <seb128 at ubuntu.com> wrote:
>> Hey Masashi, thanks for the reply
>>
>> On 04/04/2022 at 09:35, Masashi Honma wrote:
>>> Thanks for the logs.
>>>
>>> But I can not reproduce it yet.
>>> I tried with wpa_supplicant 2.10 package on the Ubuntu 22.04 beta.
>>> It can connect with EAP-PEAP and FreeRADIUS 3.0.25.
>>>
>>> I guess you are using -d option for wpa_supplicant.
>>> We can get more detailed log with more 'd's.
>>> Could you provide more detailed log with -ddddddddddd option?
>> The reporter added a new log with more debug now
>> https://launchpadlibrarian.net/594990339/wpa_supplicant.log
>>
>> Cheers
>>
>>
>> _______________________________________________
>> Hostap mailing list
>> Hostap at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/hostap
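
Added example (not part of the original messages, and not wpa_supplicant or OpenSSL code): a small log triage helper that unpacks the two SSL_connect error codes quoted in this thread using the OpenSSL 3.x packed error layout, showing that 0A000152 is an SSL-library policy reason while 0A0C0103 is a generic "common" reason flagged fatal. The names decode and triage and the "kind" labels are hypothetical; the sample lines are the two log lines quoted above.

```python
import re

# Packed error-code layout used by OpenSSL 3.x (openssl/err.h).
ERR_LIB_OFFSET, ERR_LIB_MASK = 23, 0xFF
ERR_REASON_MASK = 0x7FFFFF
ERR_RFLAGS_OFFSET = 18
ERR_RFLAG_FATAL = 0x1 << ERR_RFLAGS_OFFSET   # reason marks an unrecoverable condition
ERR_RFLAG_COMMON = 0x2 << ERR_RFLAGS_OFFSET  # reason is shared by all libraries (ERR_R_*)
ERR_LIB_SSL = 20

# Only the reasons seen in this thread; others are reported by number.
SSL_REASONS = {338: "unsafe legacy renegotiation disabled"}
COMMON_REASONS = {259: "internal error"}

ERR_RE = re.compile(r"SSL_connect error:([0-9A-Fa-f]{8}):")

# The two log lines quoted in the thread (one per Launchpad report).
SAMPLE_LOG = """\
OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL routines::unsafe legacy renegotiation disabled
wpa_supplicant[838]: SSL: SSL_connect:error in error
wpa_supplicant[838]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
"""

def decode(code):
    """Split a packed error code into library, reason number and reason flags."""
    reason = code & ERR_REASON_MASK
    common = bool(reason & ERR_RFLAG_COMMON)
    number = reason & ((1 << ERR_RFLAGS_OFFSET) - 1)  # strip the flag bits
    names = COMMON_REASONS if common else SSL_REASONS
    return {
        "code": f"{code:08X}",
        "lib": (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK,
        "number": number,
        "common": common,
        "fatal": bool(reason & ERR_RFLAG_FATAL),
        "name": names.get(number, f"reason {number}"),
    }

def triage(log_text):
    """Decode every SSL_connect error in a wpa_supplicant log and label its kind."""
    results = []
    for match in ERR_RE.finditer(log_text):
        info = decode(int(match.group(1), 16))
        policy = info["lib"] == ERR_LIB_SSL and not info["common"] and info["number"] == 338
        info["kind"] = "policy-rejection" if policy else "generic-failure"
        results.append(info)
    return results

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```

A "policy-rejection" result is the case the openssl.cnf workaround quoted above addresses; a "generic-failure" result carries no specific cause in the code itself and needs the more verbose debug log.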


