[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: WPA error: TLS Alert write:fatal:protocol version

Le 02/10/2018 à 17:09, Dominik George a écrit :
> On Tue, Oct 02, 2018 at 04:08:41PM +0200, Pétùr wrote:
>> On debian sid, I have the following error when trying to connect to a WPA2 Entreprise network (PEAP + MSCHAPv2) with :
>> Tue Oct  2 14:07:43 2018 : Error: TLS Alert write:fatal:protocol version
>> Tue Oct  2 14:07:43 2018 : Error: rlm_eap: SSL error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>> Tue Oct  2 14:07:43 2018 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.
>> Tue Oct  2 14:07:43 2018 : Auth: Login incorrect (TLS Alert write:fatal:protocol version): [login@myuniversity.com]
> OpenSSL 1.1.1, and pretty much everything using it, is now disabling TLS 1.1
> by default. That's probably what you see here, and it means that your RADIUS
> server supports only deprecated TLS versions.
> You can enable TLS 1.1 in your wpa_supplicant config, but the real fix is to
> enable TLS 1.2 on your RADIUS server. That has been enabled by default in
> freeradius in Debian since at least jessie, to give you an idea of how
> outdated the setup is ;).

Thanks, I think the tls version is the problem.

I configured wpa_supplicant (because network-manager does not offer
option for the TLS version).

Do you know what exact option is needed by wpa_supplicant to allow TLS 1.1 ?

I tried to add "phase1="tls_disable_tlsv1_2=1"" (see below the complete
wpa_supplicant configuration.

With this option, I don't have the error message but I don't have a
working connexion either.


  ssid="University network"
  group=CCMP TKIP


Reply to: