Can't connec to PEAP anymore on current Ubuntu (2.10 built with openssl3)

Jouni Malinen j at w1.fi
Wed Apr 6 14:33:01 PDT 2022 

On Wed, Apr 06, 2022 at 11:54:03AM +0200, Sebastien Bacher wrote:
> but https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1962541 seems a
> different problem though, the log in that case seems to be
> 
> wpa_supplicant[838]: SSL: SSL3 alert: write (local SSL3 detected an
> error):fatal:internal error
> wpa_supplicant[838]: EAP: Status notification: local TLS alert
> (param=internal error)
> wpa_supplicant[838]: SSL: (where=0x1002 ret=0xffffffff)
> wpa_supplicant[838]: SSL: SSL_connect:error in error
> wpa_supplicant[838]: OpenSSL: openssl_handshake - SSL_connect
> error:0A0C0103:SSL routines::internal error
> 
> Which could also be an openssl issue but seems to not be the same as the
> legacy renegotiation right?

Yes, that looks different. I don't have Ubuntu 22.04 beta installed
anywhere, so it would take some effort to test that exact version, but I
tried to reproduce this on Ubuntu 22.04 with wpa_supplicant 2.10 built
with OpenSSL 3.0 (my own build; not an Ubuntu or Debian package) and I
could not reproduce this even when trying to configure my authentication
server to behave very closely to what was shown in the debug log in that
case.

I did not add the X509v3 extension OID 1.3.6.1.4.1.311.21.1 into the
test certificate, but I don't think this is behind the issue.

I do notice that the server key exchange message is of quite a bit
different size (331 bytes in the report while my test with OpenSSL 1.1.1
on the server ended up using 300 bytes), so it feels likely that
something strange happens here with the encoding that the particular
authentication server used in that network uses for that part of the TLS
handshake. The debug log hides that part as one of the potential
messages that could expose private information, so I cannot examine what
exactly happened there. In any case, this looks like an issue with that
specific authentication server implementation rather than something
more generic with wpa_supplicant and OpenSSL 3.0.

Unfortunately that OpenSSL error message is not exactly clear.. It looks
like there are about 16-17 locations where that could happen. I'd guess
it would be one that is related to processing of that server key
exchange message.

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list