Thanks Mathieu for separating the MTU issues from the PMK key mismatch problems during TLS 1.2 negociation.
I'm facing the latter: and tried to apply this patch: "EAP-TLS/TTLS/PEAP workaround for incorrect TLS v1.2 MSK derivation" http://lists.shmoo.com/pipermail/hostap/2015-July/033312.html https://patchwork.ozlabs.org/patch/493119/ It does work to the extend that it recognizes the key mismatch problems with the Aruba Networks buggy TLS 1.2 implementation that I'm connecting to "wpa_supplicant[1504]: wlan1: RSN: PMKID mismatch - authentication server may have derived different MSK?!" According to the above mentioned patch Aruba ClearPass Policy Manager before 6.5.2 has those issues. However the walkaround doesn't seem to work - or I made a mistake appyling the patch. The hostap upstream code for which the patch has been developed differs to some extend from the ubuntu version one. Therefore two walkarounds remain a) downgrade wpasupplicant to version <= 2.3 lacking TLS v1.1 support b) enforcing TLS 1.1 on wpasupplicant 2.4-0ubuntu3.2 $ cat wpa_supplicant.conf network={ ssid="YOUR_SSID_HERE" key_mgmt=WPA-EAP eap=PEAP identity="YOUR_USERNAME_HERE" password="YOUR_PASSWORD_HERE" phase1="tls_disable_tlsv1_2=1" phase2="auth=MSCHAPV2" } $ sudo service network-manager stop $ sudo wpa_supplicant -i wlan1 -D wext -c ./wpa_supplicant.conf -dd $ sudo dhclient wlan1 I didn't find a way to enforce TLS 1.1 via KDEs 5.x GUI interface. And neither to inject the settings directly into network-manager though I think that should work as well. Had to stop network-manager - it wouldn't work otherwise. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501588 Title: Wily's wpasupplicant frequently fails on WPA enterprise networks To manage notifications about this bug go to: https://bugs.launchpad.net/hostap/+bug/1501588/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs