Debian
wpa_supplicant does not connect because SSL3 is unsupported
I have a laptop running Debian GNU/Linux Unstable with NetworkManager. Since an update of OpenSSL (to 1.1.1, I think), I can no longer connect to a Wi-Fi network using WPA2 Enterprise with PEAP (MSCHAPv2). In /var/log/syslog, it says that SSL3 is unsupported:
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: SME: Trying to authenticate with [REDACTED] (SSID='Hotspot' freq=2412 MHz)
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.195724] wlp4s0: authenticate with [REDACTED]
Oct 30 10:52:18 wb9688-b50 NetworkManager[505]: <info> [1540893138.8304] device (wlp4s0): supplicant interface state: scanning -> authenticating
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.216389] wlp4s0: send auth to [REDACTED] (try 1/3)
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.218779] wlp4s0: authenticated
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: Trying to associate with [REDACTED] (SSID='Hotspot' freq=2412 MHz)
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.228045] wlp4s0: associate with [REDACTED] (try 1/3)
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.233930] wlp4s0: RX AssocResp from [REDACTED] (capab=0x431 status=0 aid=4)
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.234023] wlp4s0: associated
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: Associated with [REDACTED]
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-STARTED EAP authentication started
Oct 30 10:52:18 wb9688-b50 NetworkManager[505]: <info> [1540893138.8600] device (wlp4s0): supplicant interface state: authenticating -> associating
Oct 30 10:52:18 wb9688-b50 NetworkManager[505]: <info> [1540893138.8605] device (wlp4s0): supplicant interface state: associating -> associated
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=NL
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.259127] ath: EEPROM regdomain: 0x8210
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.259130] ath: EEPROM indicates we should expect a country code
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.259131] ath: doing EEPROM country->regdmn map search
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.259132] ath: country maps to regdmn code: 0x37
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.259133] ath: Country alpha2 being used: NL
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.259134] ath: Regpair used: 0x37
Oct 30 10:52:18 wb9688-b50 kernel: [ 9.259136] ath: regdomain 0x8210 dynamically updated by country element
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Oct 30 10:52:18 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Oct 30 10:52:20 wb9688-b50 kernel: [ 11.335881] wlp4s0: deauthenticating from [REDACTED] by local choice (Reason: 3=DEAUTH_LEAVING)
Oct 30 10:52:20 wb9688-b50 wpa_supplicant[502]: wlp4s0: Authentication with [REDACTED] timed out.
Oct 30 10:52:21 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-DISCONNECTED bssid=[REDACTED] reason=3 locally_generated=1
Oct 30 10:52:21 wb9688-b50 wpa_supplicant[502]: wlp4s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="Hotspot" auth_failures=1 duration=10 reason=AUTH_FAILED
Oct 30 10:52:21 wb9688-b50 NetworkManager[505]: <warn> [1540893141.3677] sup-iface[0x5617eb7458b0,wlp4s0]: connection disconnected (reason -3)
Oct 30 10:52:21 wb9688-b50 NetworkManager[505]: <info> [1540893141.3704] device (wlp4s0): supplicant interface state: associated -> disconnected
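Downgrading OpenSSL would of course fix it, but then I can't use anything compiled against the newer version of OpenSSL. Is there any way to connect to the Wi-Fi network?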
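https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911389 seems to be related. It suggests editing /etc/ssl/openssl.conf. Make sure to use TLSv1.0; that is what worked with my horrible MS AD installation. Obviously, the friendly sysadmin should be asked to stop using proprietary software, or at least to accept newer protocol versions.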
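To extend the answer for users of other Linux distributions, the following can help solve this problem on Fedora 33:
sudo dnf install crypto-policies-scripts
update-crypto-policies --set LEGACY
After the change, the wpa_supplicant daemon needs to be restarted:
systemctl restart wpa_supplicant
To restore the default configuration, use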
update-crypto-policies --set DEFAULT
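
To check whether a policy change took effect, the wpa_supplicant lines in syslog can be grouped into EAP attempts and each failure classified as a TLS version mismatch or something else. The Python below is an added example, not part of the original posts; the sample log is constructed from the message formats in the question's excerpt plus wpa_supplicant's CTRL-EVENT-EAP-SUCCESS event, and the function name and cause labels are assumptions of this example.

```python
import re

# Constructed sample: one failed attempt (as in the question), one successful retry.
SAMPLE = """\
Oct 30 10:52:18 host wpa_supplicant[502]: wlp4s0: Trying to associate with [REDACTED] (SSID='Hotspot' freq=2412 MHz)
Oct 30 10:52:18 host wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-STARTED EAP authentication started
Oct 30 10:52:18 host wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Oct 30 10:52:18 host wpa_supplicant[502]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
Oct 30 10:52:18 host wpa_supplicant[502]: OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Oct 30 10:52:18 host wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Oct 30 10:53:02 host wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-STARTED EAP authentication started
Oct 30 10:53:02 host wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Oct 30 10:53:03 host wpa_supplicant[502]: wlp4s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ wpa_supplicant\[\d+\]: (.*)$")
SSID = re.compile(r"SSID='([^']*)'")
METHOD = re.compile(r"CTRL-EVENT-EAP-METHOD .*\((\S+)\) selected")
TLS_VERSION = ("unsupported protocol", "fatal:protocol version")  # OpenSSL error / local alert

def eap_attempts(text):
    """Return one dict per EAP attempt: time, ssid, method, result, cause."""
    attempts, ssid, cur = [], None, None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # kernel and NetworkManager lines carry no EAP detail
        ts, msg = m.groups()
        if (s := SSID.search(msg)):
            ssid = s.group(1)  # remember the network the next attempt belongs to
        if "CTRL-EVENT-EAP-STARTED" in msg:
            cur = {"time": ts, "ssid": ssid, "method": None, "result": "incomplete", "cause": None}
            attempts.append(cur)
        elif cur is None:
            continue  # nothing to attribute this line to
        elif (mm := METHOD.search(msg)):
            cur["method"] = mm.group(1)
        elif any(t in msg for t in TLS_VERSION):
            cur["cause"] = "tls-version-mismatch"
        elif "CTRL-EVENT-EAP-FAILURE" in msg or "CTRL-EVENT-EAP-SUCCESS" in msg:
            failed = "EAP-FAILURE" in msg
            cur["result"] = "failure" if failed else "success"
            cur["cause"] = (cur["cause"] or "other") if failed else None
            cur = None  # attempt closed
    return attempts

if __name__ == "__main__":
    for attempt in eap_attempts(SAMPLE):
        print(attempt)
```

A failure with cause "other" after the policy change points away from the TLS version, for example at credentials or certificate validation.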