Web lists-archives.com

Re: OpenSSL disables TLS 1.0 and 1.1




Kurt Roeckx <kurt@xxxxxxxxx> wrote:
> On Fri, Aug 11, 2017 at 01:34:53PM +0200, Sven Hartge wrote:
>> Marco d'Itri <md@xxxxxxxx> wrote:
>>> On Aug 09, Sven Hartge <sven@xxxxxxxxxxxxx> wrote:
 
>> >> Looking at https://developer.android.com/about/dashboards/index.html
>> >> there is still a marketshare of ~25% of smartphones based on Android
>> >> 5.0 and 5.1 and 16% based on 4.4. So this change would (at the
>> >> moment) block ~40% of Android smartphones from connecting to any WLAN
>> >> using PEAP or TTLS.
>> 
>> > Android 5.x should support TLS 1.2:
>> > http://caniuse.com/#search=TLS
>> 
>> The Browser, yes. But not the components doing the WPA stuff:
>> 
>> ,----
>> | Aug  9 20:09:13 ds9 radiusd[4179992]: (12924) Login incorrect (eap_ttls: TLS Alert write:fatal:protocol version): [owehxperia] (from client ap01 port 54 cli 30-39-26-xx-xx-xx)
>> | Aug  9 20:09:24 ds9 radiusd[4179992]: (12928) eap_ttls: ERROR: TLS Alert write:fatal:protocol version
>> | Aug  9 20:09:24 ds9 radiusd[4179992]: tls: TLS_accept: Error in error
>> `----
>> 
>> Only recompiling openssl with TLS1.0 and TLS1.1 enabled allowed my phone
>> to connect successfully.

> Any idea if this actually works with newer android phones?

It works with Android 6.0 on my tablet and with 7.1.1 on my newer phone.

> Could someone report this to Google? I consider everything broken by
> this a security issue and hope that Google will fix it in all releases
> they still support.

Given the track record of vendors of Android-based phones on shipping
*any* updates Google provides, I'd say the chance of those fixes
actually reaching the end-user are slim to none.

(My Samsung tablet for example got *two* updates in its whole 4 year
life span: one to 5.1 and one to 6.0. Monthy security fixes: none.)

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.