wpa_supplicant on wired connection on FIPS fails to connect
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wpasupplicant (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Hello,
It would seem that wpa_supplicant, when used on a wired connection for 802.1x authentication, does not operate correctly on a Jammy system when FIPS is enabled (either fips or fips-updates). It's unclear what precisely is going on, but based on the logs we've seen thus far, it would appear that wpa_supplicant is failing to negotiate the connection (possibly due to disabled alg's):
---
wpa_supplicant[
wpa_supplicant[
wpa_supplicant[
---
In this particular example, the upstream radius server and certificates being used for authentication have all been verified to be FIPS-compliant, and other networked devices are in FIPS mode and are able to authenticate against it. There has been some recent patches pushed upstream to this as well[1] that may be related here too.
This connection is confirmed to otherwise be working fine when FIPS mode is disabled.
Thank you!
1. Description: Ubuntu 22.04.4 LTS
2. ii wpasupplicant 2:2.10-6ubuntu2 amd64 client support for WPA and WPA2 (IEEE 802.11i)
3. Connection is successful
4. Connection fails to negotiate
[1] https:/
For additional information, this is being configured in netplan. Here is the relevant (obfuscated) section of that configuration:
key-management: 802.1x
ca-certificate: /var/my_ dir/net/ certs/CA. pem
client- certificate: /var/my_ dir/net/ certs/Workstati onAuth. cert dir/net/ certs/Workstati onAuth. key
---
auth:
method: tls
client-key: /var/my_
identity: abcde01234
---