Hi, On Tue, Oct 02, 2018 at 04:08:41PM +0200, Pétùr wrote: > On debian sid, I have the following error when trying to connect to a WPA2 > Entreprise network (PEAP + MSCHAPv2) with : > > Tue Oct 2 14:07:43 2018 : Error: TLS Alert write:fatal:protocol version > Tue Oct 2 14:07:43 2018 : Error: rlm_eap: SSL error error:1408F10B:SSL > routines:SSL3_GET_RECORD:wrong version number > Tue Oct 2 14:07:43 2018 : Error: SSL: SSL_read failed in a system call (-1), > TLS session fails. > Tue Oct 2 14:07:43 2018 : Auth: Login incorrect (TLS Alert > write:fatal:protocol version): [lo...@myuniversity.com]
OpenSSL 1.1.1, and pretty much everything using it, is now disabling TLS 1.1 by default. That's probably what you see here, and it means that your RADIUS server supports only deprecated TLS versions. You can enable TLS 1.1 in your wpa_supplicant config, but the real fix is to enable TLS 1.2 on your RADIUS server. That has been enabled by default in freeradius in Debian since at least jessie, to give you an idea of how outdated the setup is ;). -nik
signature.asc
Description: PGP signature
