I'm suffering the very same problem than the OP with my employer's WiFi network.
> If I downgrade libssl1.0.2 to 1.0.2j-1 then I can connect to the > WPA-EAP network without problem. Good catch downgrading openssl! I can confirm the WiFi connection to work up to libssl1.0.2-4 [1], so I guess the fix for #736687 is to blame for this [2]: * Mark RC4 and 3DES as weak which removes them from the SSL/TLS protocol (Closes: #736687). As a *dirty* workaround, I - re-upgraded to libssl1.0.2ll-2/stretch - renamed /sbin/wpa_supplicant and put a wrapper script in its place - which sets LD_LIBRARY_PATH to a location containing libssl.so.1.0.2 from [1] and then starts the renamed wpa_supplicant binary with the original command-line parameters. HTH, Daniel [1] http://snapshot.debian.org/package/openssl1.0/1.0.2j-4/#libssl1.0.2_1.0.2j-4 [2] https://anonscm.debian.org/viewvc/pkg-openssl/openssl/branches/openssl1.0/debian/patches/Mark-3DES-and-RC4-ciphers-as-weak.patch?revision=865&view=markup&sortby=log
signature.asc
Description: OpenPGP digital signature
