Web lists-archives.com

WPA error: TLS Alert write:fatal:protocol version




Le 03/10/2018 à 16:35, Dominik George a écrit :
> 
>> I tried to add "phase1="tls_disable_tlsv1_2=1"" (see below the complete
>> wpa_supplicant configuration.
> That leaves you with only TLS 1.3, then ;).

Ok :-)

> You probably want to set tls_disable_tlsv1_1=0 instead, but I did not try (because please update the RADIUS server).

I tried this. With tls_disable_tlsv1_1=0 I have the alert (with no
working connexion):

SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL
routines:ssl_choose_client_version:unsupported protocol
wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed

Anyway, it seems the TLS version is not the issue here. Indeed, I tried
also to downgrade openssl to the stable version (I use sid). After that,
wpa_supplicant can connect.

So the problem is a bug from openssl 1.1.1-1. I didn't see this before
because network-manager was not able to connect the first time I tried
to downgrade openssl. But wpa_supplicant does and now network-manager
does so I probably misconfigured nm the first time.

Thanks for the help