wpa supplicant disable of tls 1.0 or 1.1 failure
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Raspbian |
New
|
Undecided
|
Unassigned | ||
Bug Description
The following forum link explains the issue in reasonable detail...
https:/
The latest WPA supplicant package suggests the following changes to the conf file for a given wifi adapter configuration:
tls_disable_
tls_disable_
openssl_
However, neither the tls_disable_tlsv1_0 or tls_disable_tlsv1_1 configuration options are recognized correctly when attempting to use the update wpa supplicant configuration file. For example...
# wpa_supplicant -B -i wlan0 -c /etc/wpa_
Successfully initialized wpa_supplicant
Line 14: unknown global field 'tls_disable_
Line 14: Invalid configuration line 'tls_disable_
Line 15: unknown global field 'tls_disable_
Line 15: Invalid configuration line 'tls_disable_
Failed to read or parse configuration '/etc/wpa_
Thus the Wifi adapter fails to fully connect to the given network, for example DHCP IP Address is never acquired. Removing or disabling the tls 1.0 and tls 1.1 disable configuration settings, functionality returns to normal.
This happens on PiZero, Pi 1 Modelb (with USB wifi dongle), and Pi 3 mobel b, and 3 b+ thus far.
This is a security issue, in that TLS 1.2 or even 1.3 cannot be used. TLS 1.0 and 1.1 are a security risk given they are both obsolete at this point.
| information type: | Private Security → Public |
| summary: |
- wpa supplicant disable of tls + wpa supplicant disable of tls 1.0 or 1.1 failure |
