Can't connect to PEAP anymore on current Ubuntu (2.10 built with openssl3)
davide.caratti at gmail.com
Sun May 1 01:54:58 PDT 2022
On Wed, 6 Apr 2022 at 03:21, Masashi Honma
<masashi.honma at gmail.com> wrote:
> Thanks for the detailed log.
> But I could not find out the way to avoid this issue by fixing wpa_supplicant.
> According to the comment
> adding this to /usr/lib/ssl/openssl.cnf fixes the issue.
> Options = UnsafeLegacyRenegotiation
> Since this workaround exists, the OpenSSL developers have decided that
> this bug won't be fixed.
According to James' analysis, it should also be possible to allow
unsafe legacy renegotiation only for wpa_supplicant, avoiding applying
this setting system-wide. That should be do-able with:
as proposed at https://bugzilla.redhat.com/show_bug.cgi?id=2072070#c24.
A more complete fix would extend the wpa_supplicant configuration to
permit unsafe legacy TLS renegotiation only for users that explicitly
require it (so that it can be set only for connections that need this
Setting SSL_OP_LEGACY_SERVER_CONNECT unconditionally might also be
acceptable for wpa_supplicant IMO, but I would like to hear your
preference. Any feedback appreciated, thank you in advance!
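
The following audit check is an added example, not part of the original message or of wpa_supplicant: it reports whether an openssl.cnf enables unsafe legacy renegotiation in the system-wide default section, which is the scope the message suggests avoiding. The sample configuration is constructed, and the parser is a minimal one that assumes no `.include` directives or variable expansion.

```python
import re

# Constructed sample: an openssl.cnf with the workaround applied system-wide.
SAMPLE_CNF = """\
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=2
Options = UnsafeLegacyRenegotiation  # workaround quoted in the thread
"""

# SSL_CONF option names that permit unsafe legacy renegotiation.
LEGACY = {"unsafelegacyrenegotiation", "unsafelegacyserverconnect"}

def parse_cnf(text):
    """Minimal parser: {section: {key: value}}; no .include or $var expansion."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def system_wide_legacy_options(text):
    """Follow openssl_conf -> ssl_conf -> system_default; list legacy options set there."""
    s = parse_cnf(text)
    init = s.get(s["default"].get("openssl_conf", ""), {})
    ssl = s.get(init.get("ssl_conf", ""), {})
    sysdef = s.get(ssl.get("system_default", ""), {})
    enabled = set()
    for key, value in sysdef.items():
        if key.lower() != "options":
            continue
        for item in (i.strip() for i in value.split(",")):
            name = item.lstrip("+-")
            if name.lower() in LEGACY:
                # A leading '-' turns the option off; '+' or no prefix turns it on.
                (enabled.discard if item.startswith("-") else enabled.add)(name)
    return sorted(enabled)
```

A non-empty result means every application that loads the default OpenSSL configuration inherits the relaxed renegotiation setting, not only the one connection that needs it.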