Hi, On Tue, Oct 02, 2018 at 04:08:41PM +0200, Pétùr wrote: > On debian sid, I have the following error when trying to connect to a WPA2 Entreprise network (PEAP + MSCHAPv2) with : > > Tue Oct 2 14:07:43 2018 : Error: TLS Alert write:fatal:protocol version > Tue Oct 2 14:07:43 2018 : Error: rlm_eap: SSL error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > Tue Oct 2 14:07:43 2018 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails. > Tue Oct 2 14:07:43 2018 : Auth: Login incorrect (TLS Alert write:fatal:protocol version): [login@myuniversity.com] OpenSSL 1.1.1, and pretty much everything using it, is now disabling TLS 1.1 by default. That's probably what you see here, and it means that your RADIUS server supports only deprecated TLS versions. You can enable TLS 1.1 in your wpa_supplicant config, but the real fix is to enable TLS 1.2 on your RADIUS server. That has been enabled by default in freeradius in Debian since at least jessie, to give you an idea of how outdated the setup is ;). -nik
Attachment:
signature.asc
Description: PGP signature