Can't connect to PEAP anymore on current Ubuntu (2.10 built with openssl3)
Jouni Malinen
j at w1.fi
Sat May 7 10:50:12 PDT 2022
On Thu, May 05, 2022 at 08:56:18AM +0200, Alan DeKok wrote:
> On May 4, 2022, at 6:16 PM, Jouni Malinen <j at w1.fi> wrote:
> > I'll probably add at least this into wpa_supplicant with a clear event
> > message identifying this specific issue to upper layers and a
> > network-specific configuration parameter for enabling the workaround
> > (and a suitable set of warnings to recommend against using this
> > workaround in cases where the user cares about real security..).
>
> That seems best. This should likely not be enabled by default, and maybe even require special build options.
This parameter is now available to (re-)enable the workaround in OpenSSL
3.0 (phase1="allow_unsafe_renegotiation=1"):
https://w1.fi/cgit/hostap/commit/?id=566ce69a8d0e64093309cbde80235aa522fbf84e
And upper layer components can use this notification to get a clear
indication when this workaround would be needed:
https://w1.fi/cgit/hostap/commit/?id=a561d12d24c2c8bb0f825d4a3a55a5e47e845853
--
Jouni Malinen PGP id EFC895FA