Package: wpa
Version: 2:2.6-4

OpenSSL 1.1.0f-5 will not by default negotiate a version of TLS lower than 1.2.
I'm having an issue with EAP authentication that seems related to this.

With openssl 1.1.0f-3 installed:

wpa_supplicant[30538]: wlp3s0: SME: Trying to authenticate with xx:xx:.. (SSID='UPC Wi-Free' freq=2437 MHz) wpa_supplicant[30538]: wlp3s0: Trying to associate with xx:xx:.. (SSID='UPC Wi-Free' freq=2437 MHz)
wpa_supplicant[30538]: wlp3s0: Associated with xx:xx:..
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication started wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=NL/O=Liberty Global Operations B.V./OU=Root CA0001/CN=Liberty Global Root Certification Authority' hash=... wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=NL/O=Liberty Global Operations B.V./OU=Root CA0001/CN=Liberty Global Root Certification Authority' hash=... wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=NL/O=Liberty Global Operations B.V./OU=HORIZON Service Operator CA0001/CN=Liberty Global HORIZON Service Operator Certification Authority' hash=... wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=NL/O=LGI/OU=HORIZON/CN=Liberty Global WiFi 0001' hash=... wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:wifi-auth.upc.biz
wpa_supplicant[30538]: EAP-MSCHAPV2: Authentication succeeded
wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully wpa_supplicant[30538]: EAPOL: Received IEEE 802.1X EAPOL-Key even though this was not accepted - ignoring this packet wpa_supplicant[30538]: wlp3s0: WPA: Key negotiation completed with xx:xx:.. [PTK=CCMP GTK=TKIP] wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-CONNECTED - Connection to xx:xx:.. completed [id=0 id_str=] wpa_supplicant[30538]: EAPOL: Received IEEE 802.1X EAPOL-Key even though this was not accepted - ignoring this packet wpa_supplicant[30538]: wlp3s0: CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-49 noise=9999 txrate=144400


With 1.1.0f-5 installed:

wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-SSID-REENABLED id=0 ssid="UPC
Wi-Free"
wpa_supplicant[32704]: wlp3s0: SME: Trying to authenticate with xx:xx:..
(SSID='UPC Wi-Free' freq=2412 MHz)
wpa_supplicant[32704]: wlp3s0: Trying to associate with xx:xx:..
(SSID='UPC Wi-Free' freq=2412 MHz)
wpa_supplicant[32704]: wlp3s0: Associated with xx:xx:..
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication
started
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0
method=25
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method
25 (PEAP) selected
wpa_supplicant[32704]: SSL: SSL3 alert: write (local SSL3 detected an
error):fatal:protocol version
wpa_supplicant[32704]: OpenSSL: openssl_handshake - SSL_connect
error:1417118C:SSL routines:tls_process_server_hello:version too low
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication
failed
wpa_supplicant[32704]: wlp3s0: Authentication with xx:xx:.. timed out.
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-DISCONNECTED bssid=xx:xx:..
reason=3 locally_generated=1
wpa_supplicant[32704]: wlp3s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0
ssid="UPC Wi-Free" auth_failures=2 duration=37 reason=AUTH_FAILED

Related bug reports:

https://bugs.debian.org/875423
https://bugs.debian.org/871987
https://bugs.debian.org/873302

Regards,

Gedalya

Reply via email to