diff --git a/docs/wifi.md b/docs/wifi.md
index 16b2e02512b233e763e26ca2caf9159b75a13590..75ff1ffda3a68a3891d1300395f60eef7062bfe9 100644
--- a/docs/wifi.md
+++ b/docs/wifi.md
@@ -58,3 +58,29 @@ passphrase and the SSID. Please refer to this
 [netctl section](https://wiki.archlinux.org/index.php/netctl#Obfuscate_wireless_passphrase).
 
 You can find other configuration examples in `/etc/netctl/examples/`.
+
+## Troubleshooting
+
+### TLS 1.0/1.1
+
+TLS versions 1.0 and 1.1 are still in use and are being deprecated and disabled
+by some operating systems. If `journalctl -e -u wpa_supplicant.service` (the
+service name may change depending on your distribution) reports something like:
+
+```
+wlp2s0: SME: Trying to authenticate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz)
+wlp2s0: Trying to associate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz)
+wlp2s0: Associated with 9c:5d:12:de:c4:e4
+wlp2s0: CTRL-EVENT-EAP-STARTED EAP authentication started
+wlp2s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
+wlp2s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
+wlp2s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
+SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
+OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
+wlp2s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
+```
+
+You have to allow explicitly the legacy security policies. For Fedora 33+, see
+https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2.
+
+