Re: openssl 1.1.1-1: bug?
On Fri, Oct 05, 2018 at 12:41:44PM +0200, Pétùr wrote:
> I cannot connect to WPA2 Enterprise network (PEAP + MSCHAPv2) with
> openssl 1.1.1-1 (in sid today). I can connect with the 1.1.0f-3+deb9u2 version.
> Is it a bug in openssl 1.1.1-1 or some kind of incompatibility between
> openssl 1.1.1-1 and my radius server?
No, it's considered a feature. openssl=1.1.1-1 changelog has this:

openssl (1.1.1~~pre3-1) experimental; urgency=medium

  * Enable system default config to enforce TLS1.2 as a minimum.

 -- Sebastian Andrzej Siewior <firstname.lastname@example.org>  Wed, 21 Mar 2018 00:01:08 +0100

> The error log with the 1.1.1-1 version says:
> Tue Oct 2 14:07:43 2018 : Error: TLS Alert write:fatal:protocol version
> Tue Oct 2 14:07:43 2018 : Error: rlm_eap: SSL error error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number
Meaning that - if your RADIUS can only do SSLv3, and not higher (that's
what the log says) - your openssl won't use it whatever. Because
You could try to file a wishlist bug against src:openssl and ask to
revert the change, but I predict that the answer would be 'fix your