Comment 106 for bug 969343

It's quite possible that there are still existing issues and that the fix in -proposed does not fix the problem for everone. However, due to the nature of the problem, we will be pushing out the fix in -proposed anyway, since it fixes the problem for a good number of users. In fact, it fixes the problem for the only setup that we were able to reproduce with here in Canonical. Because of the way launchpad works, we unfortunatly have a 1:1 mapping of bugs to problems and there is no way to have this existing bug represent anything other than fixing it by disabling session ticket.

If you are still experiencing problems. Please open a new bug _and_ include a packet dump. Also, be aware that our fix only disables session tickets. Another new feature worth disabling is renegotation as show in the following patch. Also of interest is a packet dump with a downgraded and working openssl. Currently the upstream wpa has not addressed this issue, they have explicitly stated the fix we use can not be applied to their hostap.git repository.

Because downgrading openssl seems to fix the problem, this is evidence that this is an openssl problem and not a wpasupplicant problem. Additionally, it is may be caused by misbehaving or non-compliant eap servers, since many eap servers work with the new wpasupplicant/openssl combo.

http://w1.fi/bugz/attachment.cgi?id=235&action=diff