Description of problem: I am unable to connect to enterprise wifi networks (university/eduroam) where the radius servers have not been upgraded unless I change the configuration of openssl. Version-Release number of selected component (if applicable): 33 How reproducible: Consistently, if Try to connect to some enterprise wifi networks baked by old radius servers which expect TLS1.0 being in use. Steps to Reproduce: 1. Try to connect to a suitable network Actual results: I copy an extract of journalctl detailing the problem: Oct 28 15:15:39 amon wpa_supplicant[862]: OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol Oct 28 15:15:39 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed Oct 28 15:15:41 amon wpa_supplicant[862]: wlp3s0: Authentication with 9c:8c:d8:c8:3b:50 timed out. Oct 28 15:15:41 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-DISCONNECTED bssid=9c:8c:d8:c8:3b:50 reason=3 locally_generated=1 Oct 28 15:15:41 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="Ateneo" auth_failures=1 duration=10 reason=AUTH_FAILED Oct 28 15:15:41 amon wpa_supplicant[862]: dbus: wpa_dbus_property_changed: no property SessionLength in object /fi/w1/wpa_supplicant1/Interfaces/0 Oct 28 15:15:41 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD Oct 28 15:15:41 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-REGDOM-CHANGE init=USER type=COUNTRY alpha2=IT Oct 28 15:15:54 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-SSID-REENABLED id=0 ssid="Ateneo" Oct 28 15:15:54 amon wpa_supplicant[862]: wlp3s0: SME: Trying to authenticate with 9c:8c:d8:c8:9c:50 (SSID='Ateneo' freq=5660 MHz) Oct 28 15:15:54 amon wpa_supplicant[862]: wlp3s0: Trying to associate with 9c:8c:d8:c8:9c:50 (SSID='Ateneo' freq=5660 MHz) Oct 28 15:15:54 amon wpa_supplicant[862]: wlp3s0: Associated with 9c:8c:d8:c8:9c:50 Oct 28 15:15:54 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication started Oct 28 15:15:54 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 Oct 28 15:15:55 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK Oct 28 15:15:55 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21 Oct 28 15:15:55 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected Oct 28 15:15:55 amon wpa_supplicant[862]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version Oct 28 15:15:55 amon wpa_supplicant[862]: OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol Oct 28 15:15:55 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed Oct 28 15:15:57 amon wpa_supplicant[862]: wlp3s0: Authentication with 9c:8c:d8:c8:9c:50 timed out. Oct 28 15:15:57 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-DISCONNECTED bssid=9c:8c:d8:c8:9c:50 reason=3 locally_generated=1 Oct 28 15:15:57 amon wpa_supplicant[862]: wlp3s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="Ateneo" auth_failures=2 duration=23 reason=AUTH_FAILED Expected results: The connection succeeds. Additional info: This is not a bug, but an unexpected behaviour, since F32 could connect without problems. So, it should be somehow documented somewhere, I feel. The relevant error is: Oct 28 15:15:39 amon wpa_supplicant[862]: OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol In order to fix this I had to edit /etc/crypto-policies/back-ends/opensslcnf.config in order to set MinProtocol = TLSv1.0. indeed, with the following config everything works (but I assume that now TLSv1.0 might be used also for things different from wpa_supplicant, which is unfortunate). CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256 MinProtocol = TLSv1.0 MaxProtocol = TLSv1.3 SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
I think this is a consequence of the deprecation of legacy cryptographic protocols described here: https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 We already have another bug report for this issue; closing this one as duplicate. *** This bug has been marked as a duplicate of bug 1892435 ***
I also had such a bug, it actually didn't resolve or I failed to do this, because when I tried to connect from another device everything was ok. On this occasion, because I had problems with the school network and I failed to make a research paper, I decided to look for for sale, by the way I used this source https://paperell.net/research-papers-for-sale because I liked the price and quality, on this occasion I became a regular customer of theirs because it is very fast and convenient. Moreover, now my success is better and the time I give to programming has increased and I manage to solve all the problems related to the university.