Still an issue on 14.10 with wpa_supplicant 2.3.
It seems to be cause by SSL enforcing a higher DH key length (>768 bit).
Although I tried the non-updated version 1.0.1f (0.9 instead of 0.9.8) the behaviour is still the same.
Should indeed be fixed on the server side, a new DH key should be generated.
More info : https://weakdh.org/
I tried working around it by having TLS 1.2 disabled but that did not work for me.
I suppose Windows and Android users are still happily exposed, but us Linux users can simply not use the wifi network with poor security setup.
I read it might be worked around to by compiling wpa_supplicant with gnutls, I am not going to try.
I filed an internal request to fix the key here, hope it will be done, because it may depend on hardware firmware availability.
If anyone found a way to make wpa_supplicant deal with this, or openssl (without a downgrade) please post your workaround.
Network-manager is missing phase1 settings, so you have to stop it and use wpa_supplicant like:
wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
Still an issue on 14.10 with wpa_supplicant 2.3.
It seems to be cause by SSL enforcing a higher DH key length (>768 bit).
Although I tried the non-updated version 1.0.1f (0.9 instead of 0.9.8) the behaviour is still the same.
Should indeed be fixed on the server side, a new DH key should be generated. /weakdh. org/
More info : https:/
I tried working around it by having TLS 1.2 disabled but that did not work for me.
I suppose Windows and Android users are still happily exposed, but us Linux users can simply not use the wifi network with poor security setup.
I read it might be worked around to by compiling wpa_supplicant with gnutls, I am not going to try.
I filed an internal request to fix the key here, hope it will be done, because it may depend on hardware firmware availability.
If anyone found a way to make wpa_supplicant deal with this, or openssl (without a downgrade) please post your workaround.
Network-manager is missing phase1 settings, so you have to stop it and use wpa_supplicant like: supplicant/ wpa_supplicant. conf
wpa_supplicant -i wlan0 -c /etc/wpa_