From bf9c7e23f8d92901894c6bb6c1a877dc9a08cf0a Mon Sep 17 00:00:00 2001 From: Edwin Carlinet Date: Tue, 4 May 2021 13:17:49 +0000 Subject: [PATCH 1/5] SSL 1.0/1.1 depreciation notice. --- docs/wifi.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docs/wifi.md b/docs/wifi.md index 16b2e02..ccab299 100644 --- a/docs/wifi.md +++ b/docs/wifi.md @@ -58,3 +58,29 @@ passphrase and the SSID. Please refer to this [netctl section](https://wiki.archlinux.org/index.php/netctl#Obfuscate_wireless_passphrase). You can find other configuration examples in `/etc/netctl/examples/`. + +## Troubleshootings + +### TLS 1.0/1.1 + +``TLS < 1.2`` is still in used and are being deprecated and disabled by some OS security policies (e.g. Fedora 33). +If ``journalctl -e -u wpa_supplicant.service`` reports something like: + +``` +wlp2s0: SME: Trying to authenticate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz) +wlp2s0: Trying to associate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz) +wlp2s0: Associated with 9c:5d:12:de:c4:e4 +wlp2s0: CTRL-EVENT-EAP-STARTED EAP authentication started +wlp2s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 +wlp2s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 +wlp2s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected +SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version +OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol +wlp2s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed +``` + +You have to allow explicitely the legacy security policies. (For fedora 33+, see [^1]). + +[^1] https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 + + -- GitLab From ebd847d59a5ab096ab55e269a7bd5e789a1076c8 Mon Sep 17 00:00:00 2001 From: Edwin Carlinet Date: Tue, 4 May 2021 13:19:53 +0000 Subject: [PATCH 2/5] Fix typo. --- docs/wifi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/wifi.md b/docs/wifi.md index ccab299..00dec3f 100644 --- a/docs/wifi.md +++ b/docs/wifi.md @@ -63,7 +63,7 @@ You can find other configuration examples in `/etc/netctl/examples/`. ### TLS 1.0/1.1 -``TLS < 1.2`` is still in used and are being deprecated and disabled by some OS security policies (e.g. Fedora 33). +``TLS < 1.2`` is still in use and is being deprecated and disabled by some OS security policies (e.g. Fedora 33). If ``journalctl -e -u wpa_supplicant.service`` reports something like: ``` -- GitLab From 259621c4183728fd0947e35f83a3f9db599cc57e Mon Sep 17 00:00:00 2001 From: Edwin Carlinet Date: Tue, 4 May 2021 13:46:30 +0000 Subject: [PATCH 3/5] Apply 3 suggestion(s) to 1 file(s) --- docs/wifi.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/wifi.md b/docs/wifi.md index 00dec3f..97af09b 100644 --- a/docs/wifi.md +++ b/docs/wifi.md @@ -59,11 +59,11 @@ passphrase and the SSID. Please refer to this You can find other configuration examples in `/etc/netctl/examples/`. -## Troubleshootings +## Troubleshooting ### TLS 1.0/1.1 -``TLS < 1.2`` is still in use and is being deprecated and disabled by some OS security policies (e.g. Fedora 33). +TLS versions 1.0 and 1.1 are still in use and are being deprecated and disabled by some operating systems. If ``journalctl -e -u wpa_supplicant.service`` reports something like: ``` @@ -79,8 +79,6 @@ OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_ wlp2s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed ``` -You have to allow explicitely the legacy security policies. (For fedora 33+, see [^1]). - -[^1] https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 +You have to allow explicitely the legacy security policies. For Fedora 33+, see https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2. -- GitLab From 6b6f7d3501130c19fd6472d04e8bf07239c4d391 Mon Sep 17 00:00:00 2001 From: Edwin Carlinet Date: Mon, 10 May 2021 07:38:12 +0000 Subject: [PATCH 4/5] Apply 1 suggestion(s) to 1 file(s) --- docs/wifi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/wifi.md b/docs/wifi.md index 97af09b..a22e4c8 100644 --- a/docs/wifi.md +++ b/docs/wifi.md @@ -64,7 +64,7 @@ You can find other configuration examples in `/etc/netctl/examples/`. ### TLS 1.0/1.1 TLS versions 1.0 and 1.1 are still in use and are being deprecated and disabled by some operating systems. -If ``journalctl -e -u wpa_supplicant.service`` reports something like: +If `journalctl -e -u wpa_supplicant.service` (the service name may change depending on your distribution) reports something like: ``` wlp2s0: SME: Trying to authenticate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz) -- GitLab From 99d67b7947ecd0a9898f2fcd60a1d133f2f83fd0 Mon Sep 17 00:00:00 2001 From: Edwin Carlinet Date: Tue, 11 May 2021 14:58:38 +0200 Subject: [PATCH 5/5] Rewrap section. --- docs/wifi.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/wifi.md b/docs/wifi.md index a22e4c8..75ff1ff 100644 --- a/docs/wifi.md +++ b/docs/wifi.md @@ -63,8 +63,9 @@ You can find other configuration examples in `/etc/netctl/examples/`. ### TLS 1.0/1.1 -TLS versions 1.0 and 1.1 are still in use and are being deprecated and disabled by some operating systems. -If `journalctl -e -u wpa_supplicant.service` (the service name may change depending on your distribution) reports something like: +TLS versions 1.0 and 1.1 are still in use and are being deprecated and disabled +by some operating systems. If `journalctl -e -u wpa_supplicant.service` (the +service name may change depending on your distribution) reports something like: ``` wlp2s0: SME: Trying to authenticate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz) @@ -79,6 +80,7 @@ OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_ wlp2s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed ``` -You have to allow explicitely the legacy security policies. For Fedora 33+, see https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2. +You have to allow explicitly the legacy security policies. For Fedora 33+, see +https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2. -- GitLab