SSL3이 지원되지 않기 때문에 wpa_supplicant가 연결되지 않았습니다.

SSL3이 지원되지 않기 때문에 wpa_supplicant가 연결되지 않았습니다.

네트워크 관리자와 함께 Debian GNU/Linux를 실행하는 불안정한 노트북이 있습니다. OpenSSL 업데이트(1.1.1인 것 같습니다) 이후 PEAP(MSCHAPv2)가 포함된 WPA2 Enterprise를 사용하여 Wi-Fi 네트워크에 연결할 수 없습니다. 에서는 /var/log/syslogSSL3이 지원되지 않는다고 표시됩니다.

Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: SME: Trying to authenticate with [REDACTED] (SSID='Hotspot' freq=2412 MHz)
Oct 30 10:52:18 wb9688-b50 kernel: [    9.195724] wlp4s0: authenticate with [REDACTED]
Oct 30 10:52:18 wb9688-b50 NetworkManager[505]: <info>  [1540893138.8304] device (wlp4s0): supplicant interface state: scanning -> authenticating
Oct 30 10:52:18 wb9688-b50 kernel: [    9.216389] wlp4s0: send auth to [REDACTED] (try 1/3)
Oct 30 10:52:18 wb9688-b50 kernel: [    9.218779] wlp4s0: authenticated
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: Trying to associate with [REDACTED] (SSID='Hotspot' freq=2412 MHz)
Oct 30 10:52:18 wb9688-b50 kernel: [    9.228045] wlp4s0: associate with [REDACTED] (try 1/3)
Oct 30 10:52:18 wb9688-b50 kernel: [    9.233930] wlp4s0: RX AssocResp from [REDACTED] (capab=0x431 status=0 aid=4)
Oct 30 10:52:18 wb9688-b50 kernel: [    9.234023] wlp4s0: associated
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: Associated with [REDACTED]
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-STARTED EAP authentication started
Oct 30 10:52:18 wb9688-b50 NetworkManager[505]: <info>  [1540893138.8600] device (wlp4s0): supplicant interface state: authenticating -> associating
Oct 30 10:52:18 wb9688-b50 NetworkManager[505]: <info>  [1540893138.8605] device (wlp4s0): supplicant interface state: associating -> associated
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=NL
Oct 30 10:52:18 wb9688-b50 kernel: [    9.259127] ath: EEPROM regdomain: 0x8210
Oct 30 10:52:18 wb9688-b50 kernel: [    9.259130] ath: EEPROM indicates we should expect a country code
Oct 30 10:52:18 wb9688-b50 kernel: [    9.259131] ath: doing EEPROM country->regdmn map search
Oct 30 10:52:18 wb9688-b50 kernel: [    9.259132] ath: country maps to regdmn code: 0x37
Oct 30 10:52:18 wb9688-b50 kernel: [    9.259133] ath: Country alpha2 being used: NL
Oct 30 10:52:18 wb9688-b50 kernel: [    9.259134] ath: Regpair used: 0x37
Oct 30 10:52:18 wb9688-b50 kernel: [    9.259136] ath: regdomain 0x8210 dynamically updated by country element
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Oct 30 10:52:20 wb9688-b50 kernel: [   11.335881] wlp4s0: deauthenticating from [REDACTED] by local choice (Reason: 3=DEAUTH_LEAVING)
Oct 30 10:52:20 wb9688-b50 wpa_supplicant[502]: wlp4s0: Authentication with [REDACTED] timed out.
Oct 30 10:52:21 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-DISCONNECTED bssid=[REDACTED] reason=3 locally_generated=1
Oct 30 10:52:21 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="Hotspot" auth_failures=1 duration=10 reason=AUTH_FAILED
Oct 30 10:52:21 wb9688-b50 NetworkManager[505]: <warn>  [1540893141.3677] sup-iface[0x5617eb7458b0,wlp4s0]: connection disconnected (reason -3)
Oct 30 10:52:21 wb9688-b50 NetworkManager[505]: <info>  [1540893141.3704] device (wlp4s0): supplicant interface state: associated -> disconnected

OpenSSL을 다운그레이드하면 확실히 문제가 해결되지만 최신 버전의 OpenSSL로 컴파일된 항목을 사용할 수 없습니다. Wi-Fi 네트워크에 연결할 수 있는 방법이 있나요?

답변1

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911389관련이 있는 것 같습니다. edit 의 마지막 두 줄을 제안합니다 /etc/ssl/openssl.conf. TLSv1.0을 사용하십시오. 이는 저의 형편없는 MS AD 설치에서 작동했습니다.

분명히 사람들은 친절한 시스템 관리자에게 독점 소프트웨어 사용을 중단하거나 최소한 최신 프로토콜 버전을 수락하도록 요청해야 합니다.

답변2

다른 Linux 배포판 사용자에게 답변을 확장하려면 다음이 Fedora 33에서 이 문제를 해결하는 데 도움이 될 수 있습니다.

sudo dnf install crypto-policies-scripts
update-crypto-policies --set LEGACY

변경 후 wpa_supplicant 데몬을 다시 시작해야 합니다.

systemctl restart wpa_supplicant

기본 구성을 복원하려면 다음을 사용하십시오.

update-crypto-policies --set DEFAULT

답변3

내 우분투 22.04에서

Apr 23 10:41:31 thomas-laptop wpa_supplicant[3116]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
Apr 23 10:41:31 thomas-laptop wpa_supplicant[3116]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
Apr 23 10:41:32 thomas-laptop wpa_supplicant[3116]: wlp0s20f3: CTRL-EVENT-EAP-FAILURE EAP authentication failed
cat ~/temp/wpa_supplicant.conf

ctrl_interface=DIR=/run/wpa_supplicant GROUP=root
ap_scan=0
network={
  key_mgmt=IEEE8021X
  eap=PEAP
  phase1="peaplabel=auto tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=0 tls_ext_cert_check=0"
  phase2="auth=MSCHAPV2"
  identity="yourusername"
  password="yourpassword"
  eapol_flags=0
}

sudo wpa_supplicant -f ~/temp/wpa.log -dd -c wpa_supplicant.conf -Dwired -ieth0
sudo dhclient eth0

https://wiki.archlinux.org/title/wpa_supplicant

Archlinux는 훌륭한 리눅스이다.

관련 정보