Vincent Lefevre wrote: > Hi, > > Under Debian/unstable, I can't connect to eduroam due to the following > reason: > > Jun 17 13:58:31 qaa wpa_supplicant[1184]: wlp0s20f3: > CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 > Jun 17 13:58:31 qaa wpa_supplicant[1184]: wlp0s20f3: CTRL-EVENT-EAP-METHOD > EAP vendor 0 method 25 (PEAP) selected > Jun 17 13:58:31 qaa wpa_supplicant[1184]: SSL: SSL3 alert: write (local SSL3 > detected an error):fatal:protocol version > Jun 17 13:58:31 qaa wpa_supplicant[1184]: OpenSSL: openssl_handshake - > SSL_connect error:0A000102:SSL routines::unsupported protocol > Jun 17 13:58:36 qaa wpa_supplicant[1184]: wlp0s20f3: CTRL-EVENT-EAP-FAILURE > EAP authentication failed > > Anyone knows what's wrong? > > (There were such kinds of issues several years ago, but I thought > this was fixed.)
On stable: $ openssl list -disabled Disabled algorithms: IDEA MD2 MDC2 RC5 SCTP SSL3 ZLIB So, SSL3 support was removed at least that long ago. I think it was actually dropped around 2016. The problem is almost certainly that someone at the eduroam server config doesn't know the difference between SSL3 and TLS1.3, or something similar. You'll need to talk to them about why they haven't enabled TLS1, 1.1, 1.2 or 1.3 -- of these, only 1.2 and 1.3 are recommended. -dsr-
