wpa built with openssl3 can't connect to servers using TLS 1.1 or older
Sebastien Bacher
seb128 at ubuntu.com
Wed May 18 07:23:26 PDT 2022
Hey there,
The issue has been reported downstream, it's a problem for legacy setups
but those don't seem rare from the users feedback
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011121
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267
https://bugzilla.redhat.com/show_bug.cgi?id=2069239
The authentification fails
> OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL
routines::internal error
Clemens Lang explained the issue
'these servers only offer TLS 1.1 or older, which uses MD5-SHA1 as
digest in its signature algorithm. Due to recent collision attacks on
SHA1, this no longer meets OpenSSL default level of security of 80 bits
(see https://sha-mbles.github.io/ <https://sha-mbles.github.io/>, which
reduced the chosen-prefix collision to 63.4 bits).
Fedora fixes the problem with those patches in openssl
https://src.fedoraproject.org/rpms/openssl/blob/f36/f/0049-Allow-disabling-of-SHA1-signatures.patch
https://src.fedoraproject.org/rpms/openssl/blob/f36/f/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
There is an open discussion upstream about adding the option in
https://github.com/openssl/openssl/issues/17662
Since it's likely to take time for the openssl change to be agreed on,
land and reach distribution I was wondering if wpa could do something to
help in those cases? Would it be possible to maybe default to SECLEVEL=0
for TLS <= 1.1 connections when building with openssl3?
Cheers,
Sebastien Bacher
More information about the Hostap
mailing list