Bug#907518: New libssl1.1 1.1.1~~pre9-1 in unstable breaks connecting to some wifi networks

2018-10-22 Thread Yuri D'Elia

Package: wpasupplicant
Version: 2:2.7~git20181004+1dd66fc-1
Followup-For: Bug #907518

wpasupplicant should accept a tls MinVersion parameter to be specified
per-network. Nobody wants to adjust the global setting just to connect
to an outdated system.

As pointed out, I also spotted this while trying to connect to eduroam.
I raised the issue to the local admin, but meanwhile I had no choice but
to lower the MinVersion for everything else in the system too.

With per-ssid settings, I could actually set even stricter
requirements for my own networks, which would be a big plus.

-- System Information:
Debian Release: buster/sid
 APT prefers unstable
 APT policy: (900, 'unstable'), (800, 'experimental'), (500, 'unstable-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-rc7-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages wpasupplicant depends on:
ii  adduser   3.118
ii  libc6 2.27-6
ii  libdbus-1-3   1.12.10-1
ii  libnl-3-200   3.4.0-1
ii  libnl-genl-3-200  3.4.0-1
ii  libpcsclite1  1.8.24-1
ii  libreadline7  7.0-5
ii  libssl1.1 1.1.1-1
ii  lsb-base  9.20170808

wpasupplicant recommends no packages.

Versions of packages wpasupplicant suggests:
pn  libengine-pkcs11-openssl  
ii  wpagui  2:2.6-18



Bug#907518: New libssl1.1 1.1.1~~pre9-1 in unstable breaks connecting to some wifi networks

2018-08-30 Thread Ian Maxon
Similar story here. The update broke eduroam networks for me, but
downgrading to the testing package makes the issue disappear.
---
wpa_supplicant[11832]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
wpa_supplicant[11832]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
wpa_supplicant[11832]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
wpa_supplicant[11832]: OpenSSL: openssl_handshake - SSL_connect error:1425F18C:SSL routines:ssl_choose_client_version:version too low
wpa_supplicant[11832]: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
---



Bug#907518: New libssl1.1 1.1.1~~pre9-1 in unstable breaks connecting to some wifi networks

2018-08-28 Thread mkhpalm
Same for me, 

Doesn't work with any of the EAP methods I've tried with WPA
Enterprise.

wpa_supplicant[702]: wlp1s0: CTRL-EVENT-EAP-STARTED EAP authentication started
wpa_supplicant[702]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
wpa_supplicant[702]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
wpa_supplicant[702]: wlp1s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
wpa_supplicant[702]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
wpa_supplicant[702]: OpenSSL: openssl_handshake - SSL_connect error:1425F18C:SSL routines:ssl_choose_client_version:version too low
wpa_supplicant[702]: wlp1s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed

Rolling back libssl1.1 to 1.1.0h-4 solves the problem for me.

On Tue, 28 Aug 2018 16:27:59 -0700 Josh Triplett  wrote:
> Package: wpasupplicant
> Version: 2:2.6-18
> Severity: important
> 
> With libssl1.1 1.1.1~~pre9-1, which more aggressively deprecates smaller
> key sizes by default, I can no longer connect to my office wifi network:
> 
> wpa_supplicant[523]: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
> wpa_supplicant[523]: OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib
> wpa_supplicant[523]: OpenSSL: pending error: error:140C618E:SSL routines:SSL_use_certificate:ca md too weak
> wpa_supplicant[523]: TLS: Failed to set TLS connection parameters
> wpa_supplicant[523]: EAP-TLS: Failed to initialize SSL.
> wpa_supplicant[523]: wlp4s0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
> 
> Downgrading libssl1.1 to 1.1.0h-4 allows me to connect again. Please
> adjust the defaults that wpasupplicant initializes OpenSSL with to
> continue to allow connecting to such networks.
> 
> -- System Information:
> Debian Release: buster/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores)
> Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages wpasupplicant depends on:
> ii  adduser   3.117
> ii  libc6 2.27-5
> ii  libdbus-1-3   1.12.10-1
> ii  libnl-3-200   3.4.0-1
> ii  libnl-genl-3-200  3.4.0-1
> ii  libpcsclite1  1.8.23-3
> ii  libreadline7  7.0-5
> ii  libssl1.1 1.1.1~~pre9-1
> ii  lsb-base  9.20170808
> 
> wpasupplicant recommends no packages.
> 
> Versions of packages wpasupplicant suggests:
> pn  libengine-pkcs11-openssl  
> pn  wpagui
> 
> -- no debconf information
> 
> 



Bug#907518: New libssl1.1 1.1.1~~pre9-1 in unstable breaks connecting to some wifi networks

2018-08-28 Thread Josh Triplett
Package: wpasupplicant
Version: 2:2.6-18
Severity: important

With libssl1.1 1.1.1~~pre9-1, which more aggressively deprecates smaller
key sizes by default, I can no longer connect to my office wifi network:

wpa_supplicant[523]: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
wpa_supplicant[523]: OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib
wpa_supplicant[523]: OpenSSL: pending error: error:140C618E:SSL routines:SSL_use_certificate:ca md too weak
wpa_supplicant[523]: TLS: Failed to set TLS connection parameters
wpa_supplicant[523]: EAP-TLS: Failed to initialize SSL.
wpa_supplicant[523]: wlp4s0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)

Downgrading libssl1.1 to 1.1.0h-4 allows me to connect again. Please
adjust the defaults that wpasupplicant initializes OpenSSL with to
continue to allow connecting to such networks.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages wpasupplicant depends on:
ii  adduser   3.117
ii  libc6 2.27-5
ii  libdbus-1-3   1.12.10-1
ii  libnl-3-200   3.4.0-1
ii  libnl-genl-3-200  3.4.0-1
ii  libpcsclite1  1.8.23-3
ii  libreadline7  7.0-5
ii  libssl1.1 1.1.1~~pre9-1
ii  lsb-base  9.20170808

wpasupplicant recommends no packages.

Versions of packages wpasupplicant suggests:
pn  libengine-pkcs11-openssl  
pn  wpagui

-- no debconf information
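
The reports in this thread show two different OpenSSL rejections ("version too low" during EAP-TTLS and "ca md too weak" during EAP-TLS). The following triage script is an added example, not part of the thread or of wpa_supplicant; the function name `triage`, the `CAUSES` wording and the unwrapped sample are assumptions made for illustration.

```python
import re

# OpenSSL reason strings seen in this thread, mapped to the local policy
# that rejected the handshake (wording is this example's, not OpenSSL's).
CAUSES = {
    "version too low": "server negotiated a TLS version below the client's minimum",
    "ca md too weak": "CA certificate digest is below the client's security level",
}

# Constructed sample: log lines copied from the reports above, unwrapped.
SAMPLE = """\
wpa_supplicant[11832]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
wpa_supplicant[11832]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
wpa_supplicant[11832]: OpenSSL: openssl_handshake - SSL_connect error:1425F18C:SSL routines:ssl_choose_client_version:version too low
wpa_supplicant[11832]: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wpa_supplicant[523]: OpenSSL: pending error: error:140C618E:SSL routines:SSL_use_certificate:ca md too weak
wpa_supplicant[523]: TLS: Failed to set TLS connection parameters
wpa_supplicant[523]: wlp4s0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
"""

# error:<8 hex digits>:<library>:<function>:<reason>
ERR = re.compile(r"wpa_supplicant\[(\d+)\]: .*?error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.+)$")
# "... method 21 (TTLS) ..." names the EAP method the process was using
METHOD = re.compile(r"wpa_supplicant\[(\d+)\]: .*method (\d+) \((\w+)\)")

def triage(log_text):
    """Return one finding per OpenSSL error, tagged with the EAP method of the same PID."""
    methods, findings = {}, []
    for line in log_text.splitlines():
        m = METHOD.search(line)
        if m:
            methods[m.group(1)] = m.group(3)
        e = ERR.search(line)
        if e:
            pid, code, _lib, func, reason = e.groups()
            reason = reason.strip()
            findings.append({"pid": pid, "code": code.upper(), "func": func,
                             "reason": reason,
                             "cause": CAUSES.get(reason, "unclassified")})
    # The method line can follow the error line (EAP-TLS case), so tag afterwards.
    for f in findings:
        f["eap_method"] = methods.get(f["pid"], "unknown")
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["pid"], f["eap_method"], f["code"], f["reason"], "->", f["cause"])
```

Separating the two reasons matters when triaging: the first is resolved by the network offering a newer TLS version, the second by reissuing the certificate chain with a stronger digest.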