[Bug 1469834] Re: openssl 1.0.1f-1ubuntu2.15 prevents connection to WPA Enterprise networks

John B. 1469834 at bugs.launchpad.net
Mon Aug 3 18:18:21 UTC 2015 

Marc,

I tried the test package and was able to connect to the networks.  I
installed the following packages from your PPA:

openssl_1.0.1f-1ubuntu2.16~test1_amd64.deb
libssl1.0.0_1.0.1f-1ubuntu2.16~test1_i386.deb
libssl1.0.0_1.0.1f-1ubuntu2.16~test1_amd64.deb

When attempting to use the current Live packages (to confirm if I was
still unable to connect) I still could not connect, and there were
several lines of the following in dmesg:

[  102.876831] wlan0: authenticate with 20:bb:c0:2d:60:2f
[  102.880753] wlan0: send auth to 20:bb:c0:2d:60:2f (try 1/3)
[  102.896841] wlan0: authenticated
[  102.899110] wlan0: associate with 20:bb:c0:2d:60:2f (try 1/3)
[  103.003020] wlan0: associate with 20:bb:c0:2d:60:2f (try 2/3)
[  103.107071] wlan0: associate with 20:bb:c0:2d:60:2f (try 3/3)
[  103.211035] wlan0: association with 20:bb:c0:2d:60:2f timed out
[  107.886677] wlan0: authenticate with 20:bb:c0:2d:60:2c
[  107.889172] wlan0: send auth to 20:bb:c0:2d:60:2c (try 1/3)
[  107.982250] wlan0: authenticated
[  107.985299] wlan0: associate with 20:bb:c0:2d:60:2c (try 1/3)
[  108.089272] wlan0: associate with 20:bb:c0:2d:60:2c (try 2/3)
[  108.193176] wlan0: associate with 20:bb:c0:2d:60:2c (try 3/3)
[  108.297146] wlan0: association with 20:bb:c0:2d:60:2c timed out
[  108.348444] wlan0: authenticate with 20:bb:c0:2d:60:2c
[  108.351625] wlan0: send auth to 20:bb:c0:2d:60:2c (try 1/3)
[  108.399905] wlan0: authenticated
[  108.400222] wlan0: waiting for beacon from 20:bb:c0:2d:60:2c
[  108.505063] wlan0: associate with 20:bb:c0:2d:60:2c (try 1/3)
[  108.608997] wlan0: associate with 20:bb:c0:2d:60:2c (try 2/3)
[  108.620310] wlan0: associate with 20:bb:c0:2d:60:2c (try 3/3)
[  108.629430] wlan0: association with 20:bb:c0:2d:60:2c timed out

Would the "reject if DH key too small" patch cause a timeout like this?

Thanks for all of your work so far, it's greatly appreciated.  Is there
another log I should check, or a specific question I should send on to
IT?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1469834

Title:
  openssl 1.0.1f-1ubuntu2.15 prevents connection to WPA Enterprise
  networks

Status in openssl package in Ubuntu:
  Triaged

Bug description:
  The current version of openssl/libssl in Ubuntu 14.04 (1.0.1f-
  1ubuntu2.15) breaks wireless connectivity to WPA Enterprise networks
  at my institution.  WPA 2 personal networks are unaffected (my home
  setup).  If I install the "-1ubuntu2.12" version of openssl, libssl
  (amd64 and i386) I can once again connect to the WPA Enterprise
  network (I need to manually restart networking via network-manager
  *and* make sure to kill wpa_supplicant from the command line to make
  sure that the broken library is no longer loaded).


  The WPA Enterprise network in question can be accessed a few different
  ways.  One way uses TLS and certs, the other uses Tunneled TLS, no
  cert, but a username/password combination.  Both methods break upon
  installing the new openssl & libssl.

  I'm marking this as a security vulnerability because the only way (for
  me) to currently access WPA Enterprise networks is to run an older
  version of openssl&libssl.

  lsb_release -rd
  Description:	Ubuntu 14.04.2 LTS
  Release:	14.04

  *Working* version of package:
  apt-cache policy openssl
  openssl:
    Installed: 1.0.1f-1ubuntu2.12
    Candidate: 1.0.1f-1ubuntu2.15
    Version table:
       1.0.1f-1ubuntu2.15 0
          500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
   *** 1.0.1f-1ubuntu2.12 0
          100 /var/lib/dpkg/status
       1.0.1f-1ubuntu2 0
          500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

  The "candidate" version listed above breaks WPA enterprise.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: openssl 1.0.1f-1ubuntu2.12
  ProcVersionSignature: Ubuntu 3.13.0-55.94-generic 3.13.11-ckt20
  Uname: Linux 3.13.0-55-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.11
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Jun 29 13:05:58 2015
  SourcePackage: openssl
  UpgradeStatus: Upgraded to trusty on 2014-06-03 (391 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1469834/+subscriptions

More information about the foundations-bugs mailing list