Re: OpenSSL disables TLS 1.0 and 1.1
- Date: Fri, 11 Aug 2017 13:34:53 +0200
- From: Sven Hartge <sven@xxxxxxxxxxxxx>
- Subject: Re: OpenSSL disables TLS 1.0 and 1.1
Marco d'Itri <md@xxxxxxxx> wrote:
> On Aug 09, Sven Hartge <sven@xxxxxxxxxxxxx> wrote:
>> Looking at https://developer.android.com/about/dashboards/index.html
>> there is still a market share of ~25% of smartphones based on Android
>> 5.0 and 5.1 and 16% based on 4.4. So this change would (at the
>> moment) block ~40% of Android smartphones from connecting to any WLAN
>> using PEAP or TTLS.
> Android 5.x should support TLS 1.2:
The browser, yes. But not the components doing the WPA stuff:
| Aug 9 20:09:13 ds9 radiusd: (12924) Login incorrect (eap_ttls: TLS Alert write:fatal:protocol version): [owehxperia] (from client ap01 port 54 cli 30-39-26-xx-xx-xx)
| Aug 9 20:09:24 ds9 radiusd: (12928) eap_ttls: ERROR: TLS Alert write:fatal:protocol version
| Aug 9 20:09:24 ds9 radiusd: tls: TLS_accept: Error in error
Only recompiling openssl with TLS1.0 and TLS1.1 enabled allowed my phone
to connect successfully.
> but I see on your link that Android pre-5.x still has a ~25% market
> share, so unless it will drop a lot in the next year I do not think that
> we can cut them off from Debian-based web servers.
It is far more than 25%. Lollipop, KitKat and Jelly Bean add up to ~52%
of market share and I don't think this number will drop significantly
below 25% in the next 2 to 3 years.
Sigmentation fault. Core dumped.
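
Added example, not part of the original message: a small Python log triage script that counts which stations a RADIUS server rejected with the `protocol version` alert quoted above, so the impact of disabling TLS 1.0/1.1 can be measured from existing logs. The sample lines are constructed after the format in the message; the user names, station addresses and the `eap_peap` line are assumptions.

```python
import re
from collections import defaultdict

# Matches the radiusd "Login incorrect" line format quoted in the message,
# restricted to handshakes rejected with a protocol version alert.
FAILURE = re.compile(
    r"radiusd: \((?P<req>\d+)\) Login incorrect "
    r"\((?P<method>eap_\w+): TLS Alert write:fatal:protocol version\): "
    r"\[(?P<user>[^\]]*)\] "
    r"\(from client (?P<nas>\S+) port (?P<port>\d+) cli (?P<station>[^)\s]+)\)"
)

# Constructed sample input (not real log data); addresses are placeholders.
SAMPLE_LOG = """\
Aug 9 20:09:13 ds9 radiusd: (12924) Login incorrect (eap_ttls: TLS Alert write:fatal:protocol version): [user-a] (from client ap01 port 54 cli 02-00-00-00-00-01)
Aug 9 20:09:24 ds9 radiusd: (12928) eap_ttls: ERROR: TLS Alert write:fatal:protocol version
Aug 9 20:09:31 ds9 radiusd: (12930) Login incorrect (eap_ttls: TLS Alert write:fatal:protocol version): [user-a] (from client ap01 port 54 cli 02-00-00-00-00-01)
Aug 9 20:10:02 ds9 radiusd: (12941) Login incorrect (eap_peap: TLS Alert write:fatal:protocol version): [user-b] (from client ap02 port 12 cli 02-00-00-00-00-02)
Aug 9 20:10:40 ds9 radiusd: (12950) Login OK: [user-c] (from client ap01 port 55 cli 02-00-00-00-00-03)
"""


def protocol_version_failures(lines):
    """Yield one dict per login rejected because of the TLS protocol version."""
    for line in lines:
        match = FAILURE.search(line)
        if match:
            yield match.groupdict()


def affected_stations(lines):
    """Group failures by station address, with users, EAP methods and a count."""
    stations = defaultdict(lambda: {"users": set(), "methods": set(), "count": 0})
    for hit in protocol_version_failures(lines):
        entry = stations[hit["station"]]
        entry["users"].add(hit["user"])
        entry["methods"].add(hit["method"])
        entry["count"] += 1
    return dict(stations)


if __name__ == "__main__":
    report = affected_stations(SAMPLE_LOG.splitlines())
    for station, info in sorted(report.items()):
        print(station, info["count"], sorted(info["methods"]), sorted(info["users"]))
```

The bare `ERROR:` line carries no user or station, so it is deliberately not counted; only the `Login incorrect` summary line identifies the device.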