Hi.

On Fri, Oct 05, 2018 at 12:41:44PM +0200, Pétùr wrote:
> Hi,
>
> I cannot connect to WPA2 Enterprise network (PEAP + MSCHAPv2) with
> openssl 1.1.1-1 (in sid today). I can connect with the 1.1.0f-3+deb9u2
> version (stable).
>
> Is it a bug in openssl 1.1.1-1 or some kind of incompatibility between
> openssl 1.1.1-1 and my radius server?

No, it's considered a feature. openssl=1.1.1-1 changelog has this
wonderful entry:

openssl (1.1.1~~pre3-1) experimental; urgency=medium
...
  * Enable system default config to enforce TLS1.2 as a minimum.

 -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc>  Wed, 21 Mar 2018 00:01:08 +0100

> The error log with the 1.1.1-1 version says:
>
> Tue Oct 2 14:07:43 2018 : Error: TLS Alert write:fatal:protocol version
> Tue Oct 2 14:07:43 2018 : Error: rlm_eap: SSL error error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number

Meaning that - if your RADIUS can only do SSLv3, and not higher (that's
what the log says) - your openssl won't use it whatever. Because
security.

You could try to file a wishlist bug against src:openssl and ask to
revert the change, but I predict that the answer would be 'fix your
RADIUS'.

Reco
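
The changelog entry quoted above takes effect through a MinProtocol line in OpenSSL's system default configuration. As an added example (not part of the original message), this Python check follows the openssl_conf -> ssl_conf -> system_default chain in a config file and reports whether a peer limited to a given protocol version falls below the floor. The sample config text is constructed, with section names assumed to follow the layout of Debian's /etc/ssl/openssl.cnf; the function names are hypothetical.

```python
import re

# Protocol names OpenSSL accepts for MinProtocol, oldest first.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed sample; section names assumed to match Debian's openssl.cnf layout.
SAMPLE_CNF = """\
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2   # the floor the changelog entry refers to
CipherString = DEFAULT@SECLEVEL=2
"""

def parse_cnf(text):
    """Parse OpenSSL config text into {section: {key: value}}.
    Keys that appear before the first [section] go into 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def min_protocol(text):
    """Follow openssl_conf -> ssl_conf -> system_default; return MinProtocol or None."""
    s = parse_cnf(text)
    name = s["default"].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = s.get(name, {}).get(key)       # a broken chain yields None
    return s.get(name, {}).get("MinProtocol")

def peer_refused(text, peer_max):
    """True if a peer whose highest protocol is peer_max is below the configured floor."""
    floor = min_protocol(text)
    return floor is not None and ORDER.index(peer_max) < ORDER.index(floor)
```

Run against the real file with peer_refused(open("/etc/ssl/openssl.cnf").read(), "TLSv1") to see whether a TLS 1.0-only server would be rejected by the local default.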