[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older

Wed, 18 May 2022 08:36:21 -0700 

Retitling this report to focus on the issue connecting to TLS <= 1.1
servers, which is reported upstream now on
http://lists.infradead.org/pipermail/hostap/2022-May/040563.html


** Summary changed:

- "Connection failed" for WPA Enterprise network (e.g. eduroam)
+ wpa can't connect to servers using TLS 1.1 or older

** Changed in: wpa (Ubuntu)
       Status: Confirmed => Triaged

** Description changed:

+ wpa built with in openssl3 fails to connect to TLS 1.1 or lower server
+ 
+ those uses MD5-SHA1 as digest in its signature algorithm which no longer
+ meets OpenSSL default level of security of 80 bits
+ 
+ http://lists.infradead.org/pipermail/hostap/2022-May/040563.html
+ 
+ Workaround are described in #22 and #36 by basically using 
+ CipherString = DEFAULT@SECLEVEL=0
+ 
+ which lowers the security level
+ 
+ -------
+ 
  With the current jammy version of wpasupplicant (2:2.10-1), I cannot
  connect to the WPA Enterprise network eduroam, which is used by
  Universities worldwide. I get a "Connection failed" message or a request
  to re-enter the password.
  
  - I've re-tried the credentials: no fix ;-)
  
  - Tried a 21.10 live session on the same machine: works fine!
  
  - Manually downgraded wpasupplicant to the impish version
  (2:2.9.0-21build1): connected normally.
  
  - Upgraded wpasupplicant to the latest version: fails to connect again.
- 
  
  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: wpasupplicant 2:2.10-1
  ProcVersionSignature: Ubuntu 5.15.0-17.17-generic 5.15.12
  Uname: Linux 5.15.0-17-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.11-0ubuntu75
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jan 18 09:56:23 2022
  InstallationDate: Installed on 2021-11-30 (48 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20211130)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: wpa
  UpgradeStatus: No upgrade log present (probably fresh install)

** Changed in: wpa (Ubuntu Jammy)
    Milestone: None => ubuntu-22.04.1

** Bug watch added: Debian Bug tracker #1011121
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011121

** Changed in: wpa (Debian)
       Status: Fix Released => Unknown

** Changed in: wpa (Debian)
 Remote watch: Debian Bug tracker #1010603 => Debian Bug tracker #1011121

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1958267

Title:
  wpa can't connect to servers using TLS 1.1 or older

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to