openssl 1.0.1f-1ubuntu2.15 prevents connection to WPA Enterprise networks
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openssl (Ubuntu) | Won't Fix | Undecided | Unassigned |
Bug Description
The current version of openssl/libssl in Ubuntu 14.04 (1.0.1f-
The WPA Enterprise network in question can be accessed a few different ways. One way uses TLS and certs, the other uses Tunneled TLS, no cert, but a username/password combination. Both methods break upon installing the new openssl & libssl.
I'm marking this as a security vulnerability because the only way (for me) to currently access WPA Enterprise networks is to run an older version of openssl & libssl.
lsb_release -rd
Description: Ubuntu 14.04.2 LTS
Release: 14.04
*Working* version of package:
apt-cache policy openssl
openssl:
Installed: 1.0.1f-1ubuntu2.12
Candidate: 1.0.1f-1ubuntu2.15
Version table:
1.
500 http://
500 http://
*** 1.0.1f-1ubuntu2.12 0
100 /var/lib/
1.
500 http://
The "candidate" version listed above breaks WPA enterprise.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openssl 1.0.1f-1ubuntu2.12
ProcVersionSign
Uname: Linux 3.13.0-55-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Jun 29 13:05:58 2015
SourcePackage: openssl
UpgradeStatus: Upgraded to trusty on 2014-06-03 (391 days ago)
information type: Private Security → Public
Changed in openssl (Ubuntu):
status: Triaged → Won't Fix
The issue is probably caused by your WPA network using an insecure and easily compromised DH key size.
This is the change that went into the openssl update that is likely causing your issue:
As a security improvement, this update also modifies OpenSSL behaviour to
reject DH key sizes below 768 bits, preventing a possible downgrade
attack.
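
The rule quoted above, as an added example (not from the bug report or from OpenSSL's source): a Python parser for the DHE ServerKeyExchange handshake message that measures the server's DH modulus and applies the 768-bit minimum. The function names and sample messages are constructed for illustration, and the input is assumed to be the bare handshake message with the TLS record header already stripped.

```python
MIN_DH_BITS = 768  # threshold quoted in the update notice above

class ParseError(ValueError):
    """Raised when the message is not a well-formed DHE ServerKeyExchange."""

def read_vec16(buf, off):
    """Read a TLS opaque<1..2^16-1> vector: 2-byte length, then data."""
    n = int.from_bytes(buf[off:off + 2], "big")
    end = off + 2 + n
    if off + 2 > len(buf) or n == 0 or end > len(buf):
        raise ParseError("bad or truncated vector")
    return buf[off + 2:end], end

def parse_server_dh_params(msg):
    """Return (p, g, Ys) as ints; the trailing signature is ignored."""
    if len(msg) < 4 or msg[0] != 12:  # handshake type 12 = server_key_exchange
        raise ParseError("not a ServerKeyExchange message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ParseError("truncated handshake body")
    off, values = 0, []
    for _ in range(3):  # dh_p, dh_g, dh_Ys
        raw, off = read_vec16(body, off)
        values.append(int.from_bytes(raw, "big"))
    return tuple(values)

def dh_check(msg, min_bits=MIN_DH_BITS):
    """Return (accepted, bits) for the server's DH modulus."""
    p, _g, _ys = parse_server_dh_params(msg)
    bits = p.bit_length()  # leading zero bytes do not count
    return bits >= min_bits, bits

def build_ske(p_bytes):
    """Constructed sample message: size-only values, not real DH primes."""
    body = b"".join(len(v).to_bytes(2, "big") + v for v in (p_bytes, b"\x02", b"\x05"))
    return bytes([12]) + len(body).to_bytes(3, "big") + body

WEAK = build_ske(b"\x80" + b"\x00" * 62 + b"\x01")    # 512-bit modulus
OK = build_ske(b"\x80" + b"\x00" * 126 + b"\x01")     # 1024-bit modulus
PADDED = build_ske(b"\x00" * 64 + b"\x80" + b"\x00" * 62 + b"\x01")  # 512 bits, zero-padded

if __name__ == "__main__":
    for name, msg in (("weak", WEAK), ("ok", OK), ("padded", PADDED)):
        print(name, dh_check(msg))
```

The zero-padded sample shows why the check has to use the significant bit length of the modulus rather than the byte length of the field.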