It's definitely the infrastructure that's using old TLS. As for the unsafe renegotiation, that happens because the server does not send a renegotiation_info extension in its ServerHello message. See https://datatracker.ietf.org/doc/html/rfc5746. See specifically section 4.1, which discusses client behavior. OpenSSL 3 defaults to the secure client behavior, which requires the server to support RFC5746.
For the "0A0C0103:SSL routines::internal error" the issue is that these servers only offer TLS 1.1 or older, which uses MD5-SHA1 as digest in its signature algorithm. Due to recent collision attacks on SHA1, this no longer meets OpenSSL default level of security of 80 bits (see https://sha-mbles.github.io/, which reduced the chosen-prefix collision to 63.4 bits). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1958267 Title: "Connection failed" for WPA Enterprise network (e.g. eduroam) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
