On 18. 12. 9., Cy Schubert wrote:
> Author: cy
> Date: Sun Dec  9 06:45:49 2018
> New Revision: 341759
> URL: https://svnweb.freebsd.org/changeset/base/341759
> 
> Log:
>   MFV r341618:
>   
>   Update wpa 2.6 --> 2.7.

...

This broke my network configuration and I found the following messages
from /dev/log/message.

... bge0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
... bge0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
... SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
... OpenSSL: openssl_handshake - SSL_connect error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available
... bge0: CTRL-EVENT-EAP-FAILURE EAP authentication failed

I tracked it down and found default ciphers were not set because
usr.sbin/wpa/Makefile.inc added an empty string, i.e.,
-DTLS_DEFAULT_CIPHERS=\"\".

With the attached patch, I got my connection back.

Jung-uk Kim
Index: usr.sbin/wpa/Makefile.inc
===================================================================
--- usr.sbin/wpa/Makefile.inc	(revision 341826)
+++ usr.sbin/wpa/Makefile.inc	(working copy)
@@ -32,6 +32,6 @@ CFLAGS+=-I${WPA_DISTDIR}/src/wps
 CFLAGS+= -DCONFIG_CTRL_IFACE
 CFLAGS+= -DCONFIG_CTRL_IFACE_UNIX
 CFLAGS+= -DNEED_AP_MLME
-CFLAGS+= -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
+CFLAGS+= -DTLS_DEFAULT_CIPHERS=\"DEFAULT:!EXP:!LOW\"
 
 .include <bsd.own.mk>
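
Review bot: the added line `CFLAGS+= -DTLS_DEFAULT_CIPHERS=\"DEFAULT:!EXP:!LOW\"` hard-codes the cipher string and drops the `CONFIG_TLS_DEFAULT_CIPHERS` knob altogether, so the default can no longer be overridden from outside this file. Consider keeping the variable reference and giving it a default with `?=` earlier in Makefile.inc, so the macro is never empty but stays overridable. Nothing in the visible context sets the variable that the removed line expanded, so a short comment on the new line noting that an empty value leaves the TLS client with no ciphers (the `no ciphers available` failure reported above) would help keep this from regressing on the next vendor import.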
