Package: wpasupplicant Version: 2:2.6-18 Severity: important With libssl1.1 1.1.1~~pre9-1, which more aggressively deprecates smaller key sizes by default, I can no longer connect to my office wifi network:
wpa_supplicant[523]: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error wpa_supplicant[523]: OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib wpa_supplicant[523]: OpenSSL: pending error: error:140C618E:SSL routines:SSL_use_certificate:ca md too weak wpa_supplicant[523]: TLS: Failed to set TLS connection parameters wpa_supplicant[523]: EAP-TLS: Failed to initialize SSL. wpa_supplicant[523]: wlp4s0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS) Downgrading libssl1.1 to 1.1.0h-4 allows me to connect again. Please adjust the defaults that wpasupplicant initializes OpenSSL with to continue to allow connecting to such networks. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages wpasupplicant depends on: ii adduser 3.117 ii libc6 2.27-5 ii libdbus-1-3 1.12.10-1 ii libnl-3-200 3.4.0-1 ii libnl-genl-3-200 3.4.0-1 ii libpcsclite1 1.8.23-3 ii libreadline7 7.0-5 ii libssl1.1 1.1.1~~pre9-1 ii lsb-base 9.20170808 wpasupplicant recommends no packages. Versions of packages wpasupplicant suggests: pn libengine-pkcs11-openssl <none> pn wpagui <none> -- no debconf information