wpa built with openssl3 can't connect to servers using TLS 1.1 or older

Sebastien Bacher seb128 at ubuntu.com
Wed May 18 07:23:26 PDT 2022


Hey there,

The issue has been reported downstream, it's a problem for legacy setups 
but those don't seem rare from the users feedback

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011121
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267
https://bugzilla.redhat.com/show_bug.cgi?id=2069239

The authentification fails
 > OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL 
routines::internal error

Clemens Lang explained the issue

'these servers only offer TLS 1.1 or older, which uses MD5-SHA1 as 
digest in its signature algorithm. Due to recent collision attacks on 
SHA1, this no longer meets OpenSSL default level of security of 80 bits 
(see https://sha-mbles.github.io/ <https://sha-mbles.github.io/>, which 
reduced the chosen-prefix collision to 63.4 bits).

Fedora fixes the problem with those patches in openssl
https://src.fedoraproject.org/rpms/openssl/blob/f36/f/0049-Allow-disabling-of-SHA1-signatures.patch
https://src.fedoraproject.org/rpms/openssl/blob/f36/f/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch

There is an open discussion upstream about adding the option in
https://github.com/openssl/openssl/issues/17662


Since it's likely to take time for the openssl change to be agreed on, 
land and reach distribution I was wondering if wpa could do something to 
help in those cases? Would it be possible to maybe default to SECLEVEL=0 
for TLS <= 1.1 connections when building with openssl3?

Cheers,
Sebastien Bacher




More information about the Hostap mailing list