Description of problem: After updating to wpa_supplicant 2.4-3 on July 1, was unable to connect to my corporate wifi access point. Subsequent downgrade to wpa_supplicant 2.3-3 fixed access problem, so I think this is a wpa_supplicant bug
Version-Release number of selected component (if applicable): wpa_supplicant 2.4-3
How reproducible: Upgrade to 2.4-3, try to access wpa/wpa2 wifi with TTLS authentication that has been working for well over a year now. Fails. Downgrade to 2.3-3 and it works again.
Steps to Reproduce: See above
1. Select network in NetworkManager
2. Does not connect
3. Keeps asking for password
Actual results:
From /etc/wpa_supplicant.log after upgrade:
wlp12s0: SME: Trying to authenticate with e0:1c:41:34:19:e9 (SSID='CICS' freq=5220 MHz)
wlp12s0: Trying to associate with e0:1c:41:34:19:e9 (SSID='CICS' freq=5220 MHz)
wlp12s0: Associated with e0:1c:41:34:19:e9
wlp12s0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=US
wlp12s0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlp12s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
wlp12s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
wlp12s0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority' hash=c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4
wlp12s0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority' hash=c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4
wlp12s0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287' hash=09ed6e991fc3273d8fea317d339c02041861973549cfa6e1558f411f11211aa3
wlp12s0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/OU=Domain Control Validated/CN=cicsnc.org' hash=598c9bcc63d9e114262181d140eb762e701b689bdfed5372381b7ae0e309f9b7
wlp12s0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:cicsnc.org
wlp12s0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:www.cicsnc.org
wlp12s0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:osx.cicsnc.org
wlp12s0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:osx2.cicsnc.org
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:handshake failure
OpenSSL: openssl_handshake - SSL_connect error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
wlp12s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlp12s0: Authentication with e0:1c:41:34:19:e9 timed out.
wlp12s0: CTRL-EVENT-DISCONNECTED bssid=e0:1c:41:34:19:e9 reason=3 locally_generated=1
wlp12s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="CICS" auth_failures=1 duration=10 reason=AUTH_FAILED
wlp12s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="CICS" auth_failures=2 duration=35 reason=CONN_FAILED
After downgrade:
wlp12s0: Trying to associate with e0:1c:41:34:19:e9 (SSID='CICS' freq=5220 MHz)
wlp12s0: Associated with e0:1c:41:34:19:e9
wlp12s0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlp12s0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=US
wlp12s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
wlp12s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
wlp12s0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority'
wlp12s0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority'
wlp12s0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287'
wlp12s0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/OU=Domain Control Validated/CN=cicsnc.org'
EAP-MSCHAPV2: Authentication succeeded
wlp12s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
wlp12s0: WPA: Key negotiation completed with e0:1c:41:34:19:e9 [PTK=CCMP GTK=CCMP]
wlp12s0: CTRL-EVENT-CONNECTED - Connection to e0:1c:41:34:19:e9 completed [id=0 id_str=]
wlp12s0: CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-62 noise=9999 txrate=6000
wlp12s0: CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-59 noise=9999 txrate=81000
wlp12s0: CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-67 noise=9999 txrate=135000
wlp12s0: CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-59 noise=9999 txrate=6000
wlp12s0: CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-67 noise=9999 txrate=121500
wlp12s0: CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-61 noise=9999 txrate=135000
wlp12s0: CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-67 noise=9999 txrate=6000
wlp12s0: CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-61 noise=9999 txrate=6000
wlp12s0: CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-67 noise=9999 txrate=135000
Expected results: The latter results are expected
Additional info: PEAP, TLS, other authentication protocols produced the same SSL handshake error (dh key too small). "No CA required" was checked in NetworkManager in both cases, but I'm not sure if I snipped out the right part of the wpa_supplicant log in the failure case--I was trying everything. The SSL handshake failure was consistent under all attempts to authenticate no matter what drop downs/boxes were selected in NetworkManager under 2.4-3. Now that I have it working, I am loath to break it again.
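
Added example (not part of the original report, and not wpa_supplicant or NetworkManager code): a small triage script that splits a wpa_supplicant log into EAP attempts and reports whether a failure came from the outer TLS handshake, as in the "dh key too small" case above, or from a later stage. The function name `classify_attempts`, the layer labels and the sample log (constructed from the line formats quoted in the report) are assumptions made for illustration.

```python
import re

# Constructed sample in the format of the wpa_supplicant log lines quoted above.
SAMPLE_LOG = """\
wlp12s0: SME: Trying to authenticate with e0:1c:41:34:19:e9 (SSID='CICS' freq=5220 MHz)
wlp12s0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlp12s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:handshake failure
OpenSSL: openssl_handshake - SSL_connect error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
wlp12s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlp12s0: Trying to associate with e0:1c:41:34:19:e9 (SSID='CICS' freq=5220 MHz)
wlp12s0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlp12s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
EAP-MSCHAPV2: Authentication succeeded
wlp12s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
"""

SSID_RE = re.compile(r"Trying to (?:authenticate|associate) with \S+ \(SSID='([^']*)'")
METHOD_RE = re.compile(r"CTRL-EVENT-EAP-METHOD .*\(([\w-]+)\) selected")
TLS_ERR_RE = re.compile(r"SSL_connect error:[0-9A-Fa-f]+:SSL routines:([^:]*):(.+)$")

def classify_attempts(log_text):
    """Split a log into EAP attempts and say which layer each failure came from."""
    attempts, ssid, cur = [], None, None
    for line in log_text.splitlines():
        if m := SSID_RE.search(line):
            ssid = m.group(1)
        elif "CTRL-EVENT-EAP-STARTED" in line:
            cur = {"ssid": ssid, "method": None, "tls_error": None}
        elif cur is None:
            continue  # ignore lines outside an EAP exchange
        elif m := METHOD_RE.search(line):
            cur["method"] = m.group(1)
        elif m := TLS_ERR_RE.search(line):
            cur["tls_error"] = m.group(2).strip()  # e.g. "dh key too small"
        elif "CTRL-EVENT-EAP-SUCCESS" in line:
            attempts.append({**cur, "result": "success", "layer": None})
            cur = None
        elif "CTRL-EVENT-EAP-FAILURE" in line:
            # A logged TLS error means the outer handshake failed before any
            # inner (phase 2) credentials were exchanged; retyping them cannot help.
            layer = "tls-handshake" if cur["tls_error"] else "after-tls"
            attempts.append({**cur, "result": "failure", "layer": layer})
            cur = None
    return attempts

if __name__ == "__main__":
    for a in classify_attempts(SAMPLE_LOG):
        print(a)
```

A `tls-handshake` result with a reason such as `dh key too small` points at the TLS parameters negotiated with the authentication server rather than at the password the client keeps being prompted for.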