diff --git a/docs/wifi.md b/docs/wifi.md index 16b2e02512b233e763e26ca2caf9159b75a13590..75ff1ffda3a68a3891d1300395f60eef7062bfe9 100644 --- a/docs/wifi.md +++ b/docs/wifi.md @@ -58,3 +58,29 @@ passphrase and the SSID. Please refer to this [netctl section](https://wiki.archlinux.org/index.php/netctl#Obfuscate_wireless_passphrase). You can find other configuration examples in `/etc/netctl/examples/`. + +## Troubleshooting + +### TLS 1.0/1.1 + +TLS versions 1.0 and 1.1 are still in use and are being deprecated and disabled +by some operating systems. If `journalctl -e -u wpa_supplicant.service` (the +service name may change depending on your distribution) reports something like: + +``` +wlp2s0: SME: Trying to authenticate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz) +wlp2s0: Trying to associate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz) +wlp2s0: Associated with 9c:5d:12:de:c4:e4 +wlp2s0: CTRL-EVENT-EAP-STARTED EAP authentication started +wlp2s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 +wlp2s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 +wlp2s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected +SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version +OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol +wlp2s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed +``` + +You have to allow explicitly the legacy security policies. For Fedora 33+, see +https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2. + +