I built a version of wpasupplicant_0.7.3-6ubuntu2 that works for me, by switching from openssl to gnutls.
I think wpasupplicant with openssl was offering 57 ciphers and with gnutls it was around 15. (I didn't write the numbers down and am having trouble getting it to regenerate the client hello message), so am not certain. If wpa supplicant is building the list of ciphers from openssl for the client hello message, maybe it would also be possible disable some the rare ones? I tried some of the obvious things like -DOPENSSL_NO_RC2 -DOPENSSL_NO_DES, but later realised that was probably if you'd disabled those in openssl itself. It looks like each cipher offered takes 2 bytes, and the failing openssl packet was 261 bytes, so you just need to get it below 255 bytes -- so remove 3 ciphers? The patch I used to make it work, given the difficulties in getting acceptance for gnutls, I bet it'd cause other problems. --- wpasupplicant-0.7.3/debian/config/linux 2012-03-13 16:11:24.000000000 -0700 +++ wpasupplicant-0.7.3.new/debian/config/linux 2012-04-06 13:26:03.230123515 -0700 @@ -33,5 +33,5 @@ CONFIG_PEERKEY=y CONFIG_IEEE80211W=y -CONFIG_TLS=openssl +CONFIG_TLS=gnutls CONFIG_CTRL_IFACE_DBUS=y CONFIG_CTRL_IFACE_DBUS_NEW=y -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/969343 Title: Unable to connect to WPA enterprise wireless To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/969343/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
