Can't connec to PEAP anymore on current Ubuntu (2.10 built with openssl3)

Jouni Malinen j at
Sat May 7 10:50:12 PDT 2022

On Thu, May 05, 2022 at 08:56:18AM +0200, Alan DeKok wrote:
> On May 4, 2022, at 6:16 PM, Jouni Malinen <j at> wrote:
> > I'll probably add at least this into wpa_supplicant with a clear event
> > message identifying this specific issue to upper layers and a
> > network-specific configuration parameter for enabling the workaround
> > (and a suitable set of warnings to recommend against using this
> > workaround in cases where the user care about real security..).
>   That seems best.  This should likely not be enabled by default, and maybe even require special build options.

This parameter is now available to (re-)enable the workaround in OpenSSL
3.0 (phase1="allow_unsafe_renegotiation=1"):

And upper layer components can use this notification to get a clear
indication when this workaround would be needed:

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list