[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
This bug was fixed in the package wpa - 2:2.10-9ubuntu1

---
wpa (2:2.10-9ubuntu1) kinetic; urgency=medium

  * debian/patches/lower_security_level_for_tls_1.patch:
    - set the OpenSSL security level to 0 if that is the only option to
      continue the TLS negotiation, i.e., when TLS 1.0/1.1 are still allowed
      in wpa_supplicant default configuration and OpenSSL 3.0 with the
      constraint on MD5-SHA1 use. Patch proposed by Jouni Malinen on the
      upstream mailinglist (lp: #1958267)

 -- Sebastien Bacher Tue, 31 May 2022 16:03:29 +0200

** Changed in: wpa (Ubuntu) Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1958267

Title: wpa can't connect to servers using TLS 1.1 or older

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
Thanks for the testing and feedback, I've uploaded the fix in the SRU reviews queue now
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
#76 works here too
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
#76 also works on my work's WPA2 Enterprise. PEAP Authentication, No CA cert required; Auto PEAP; MSCHAPv2 inner authentication with user & pass entered. 22.04 Jammy.
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
Confirm #76 Works for me with enterprise Wifi.
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
I've just installed 2:2.10-9ubuntu1 amd64 and I can confirm that it works on Kubuntu 22.04 LTS for my university's WPA2 Enterprise network.
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
I've uploaded a candidate patch proposed upstream for testing to kinetic. Could those having the issue try if the deb on https://launchpad.net/ubuntu/+source/wpa/2:2.10-9ubuntu1/+build/23801450/+files/wpasupplicant_2.10-9ubuntu1_amd64.deb resolves the connection problems? The deb should install without issue on the LTS.
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
** Changed in: wpa (Ubuntu) Status: Triaged => Fix Committed
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
The n-m SRU is available for testing now, https://bugs.launchpad.net/bugs/1974428
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
The n-m update is fixing the case where 'Only devices that support WPA3 are able to connect to the AP' but for example Ricardo said that downgrading wpa_supplicant fixed the problem for him which means there is also an issue with wpa in some cases. In any case those issues are not what the current bug is about so please report a new ticket with a debug log, we will mark them duplicates of existing reports if needed
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
We updated kinetic to 1.38 earlier this week, which was a prerequisite, and upstream rolled a stable update in the 1.36 yesterday which should be uploaded later today, then it needs to get reviewed and accepted
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
Sebastien wrote "which is going to be fixing in the next network-manager". Maybe I misunderstood the post?
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
@Dustin, do you have a specific issue that you believe is solved with a newer NetworkManager?
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
@Sebastien Bacher Is there any ETA for the next network-manager version on Ubuntu 22.04?
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
Could you report a new bug about the hotspot issue including a debug log? There is also bug #1972790 and https://mail.gnome.org/archives/networkmanager-list/2022-March/msg00016.html which is going to be fixing in the next network-manager but if downgrading wpa resolves the issue for you then it's probably another bug
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
Somewhat related, using a NetworkManager Wifi Hotspot, latest Apple devices refuse to connect unless I downgrade to Impish version of wpa_supplicant and libssl1.1. Other workarounds detailed here do not solve it.
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
I updated to wpasupplicant 2:2.10-6, and I was able to undo the modifications from #22 and still connect normally using PEAP and MSCHAPv2 authentication, confirmed by restarting wpasupplicant service and reboot.
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
** Changed in: wpa (Debian) Status: Unknown => New
[Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
Retitling this report to focus on the issue connecting to TLS <= 1.1 servers, which is reported upstream now on http://lists.infradead.org/pipermail/hostap/2022-May/040563.html

** Summary changed:

- "Connection failed" for WPA Enterprise network (e.g. eduroam)
+ wpa can't connect to servers using TLS 1.1 or older

** Changed in: wpa (Ubuntu) Status: Confirmed => Triaged

** Description changed:

+ wpa built with in openssl3 fails to connect to TLS 1.1 or lower server
+
+ those uses MD5-SHA1 as digest in its signature algorithm which no longer
+ meets OpenSSL default level of security of 80 bits
+
+ http://lists.infradead.org/pipermail/hostap/2022-May/040563.html
+
+ Workaround are described in #22 and #36 by basically using
+ CipherString = DEFAULT@SECLEVEL=0
+
+ which lowers the security level
+
+ ---
+
  With the current jammy version of wpasupplicant (2:2.10-1), I cannot connect to the WPA Enterprise network eduroam, which is used by Universities worldwide. I get a "Connection failed" message or a request to re-enter the password.

  - I've re-tried the credentials: no fix ;-)
  - Tried a 21.10 live session on the same machine: works fine!
  - Manually downgraded wpasupplicant to the impish version (2:2.9.0-21build1): connected normally.
  - Upgraded wpasupplicant to the latest version: fails to connect again.
-
  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: wpasupplicant 2:2.10-1
  ProcVersionSignature: Ubuntu 5.15.0-17.17-generic 5.15.12
  Uname: Linux 5.15.0-17-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.11-0ubuntu75
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jan 18 09:56:23 2022
  InstallationDate: Installed on 2021-11-30 (48 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20211130)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: wpa
  UpgradeStatus: No upgrade log present (probably fresh install)

** Changed in: wpa (Ubuntu Jammy) Milestone: None => ubuntu-22.04.1

** Bug watch added: Debian Bug tracker #1011121 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011121

** Changed in: wpa (Debian) Status: Fix Released => Unknown

** Changed in: wpa (Debian) Remote watch: Debian Bug tracker #1010603 => Debian Bug tracker #1011121
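Added example, not part of the thread or of the wpa package: once the fixed package is installed, a `CipherString = DEFAULT@SECLEVEL=0` workaround left in an OpenSSL configuration file keeps the security level lowered for every application that loads that file, so it is worth checking for. The sketch below assumes the workaround was applied in an OpenSSL config file; the function name and the sample configuration are constructed for illustration.

```python
import re

# "@SECLEVEL=N" token inside an OpenSSL cipher string, e.g. DEFAULT@SECLEVEL=0
SECLEVEL_RE = re.compile(r"@SECLEVEL=(\d)")

# Constructed sample of an OpenSSL config carrying the workaround from the bug.
SAMPLE_CONF = """\
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
# CipherString = DEFAULT:@SECLEVEL=2
CipherString = DEFAULT@SECLEVEL=0
"""


def find_seclevel_overrides(conf_text, floor=1):
    """Return (line_no, section, level) for each CipherString setting whose
    @SECLEVEL is below `floor`. Level 0 is what the workaround sets."""
    findings = []
    section = "default"
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # ignore comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()         # track the current section
            continue
        key, sep, value = line.partition("=")
        # Config-file command names are case insensitive in OpenSSL.
        if not sep or key.strip().lower() != "cipherstring":
            continue
        match = SECLEVEL_RE.search(value)
        if match and int(match.group(1)) < floor:
            findings.append((line_no, section, int(match.group(1))))
    return findings


if __name__ == "__main__":
    for line_no, section, level in find_seclevel_overrides(SAMPLE_CONF):
        print(f"line {line_no} [{section}]: SECLEVEL={level} lowers the default")
```

Run it over the text of the configuration file that was edited for the workaround; an empty result means no `CipherString` there drops below the chosen floor.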