On Fri, Aug 11, 2017 at 01:34:53PM +0200, Sven Hartge wrote:
> Marco d'Itri <m...@linux.it> wrote:
> > On Aug 09, Sven Hartge <s...@svenhartge.de> wrote:
>
> >> Looking at https://developer.android.com/about/dashboards/index.html
> >> there is still a marketshare of ~25% of smartphones based on Android
> >> 5.0 and 5.1 and 16% based on 4.4. So this change would (at the
> >> moment) block ~40% of Android smartphones from connecting to any WLAN
> >> using PEAP or TTLS.
>
> > Android 5.x should support TLS 1.2:
> > http://caniuse.com/#search=TLS
>
> The Browser, yes. But not the components doing the WPA stuff:
>
> ,----
> | Aug 9 20:09:13 ds9 radiusd[4179992]: (12924) Login incorrect (eap_ttls:
> TLS Alert write:fatal:protocol version): [owehxperia] (from client ap01 port
> 54 cli 30-39-26-xx-xx-xx)
> | Aug 9 20:09:24 ds9 radiusd[4179992]: (12928) eap_ttls: ERROR: TLS Alert
> write:fatal:protocol version
> | Aug 9 20:09:24 ds9 radiusd[4179992]: tls: TLS_accept: Error in error
> `----
>
> Only recompiling openssl with TLS1.0 and TLS1.1 enabled allowed my phone
> to connect successfully.

Any idea if this actually works with newer Android phones?

Could someone report this to Google? I consider everything broken by this a security issue and hope that Google will fix it in all releases they still support.

Kurt