The problem here is that the CA you're connecting to has an insecure certificate. You should talk to your administrator to generate stronger keys.
The "ca md too weak" is because the certificate is probably using SHA-1, while it should move to SHA256. This can be worked around by using this in your wpa config: openssl_ciphers=DEFAULT@SECLEVEL=1 There is also an "ssl_choose_client_version:version too low" message. This is most likely caused by minimum TLS 1.2 version setting. I can't find a way in wpa to override the default. You will have to modify /etc/ssl/openssl.cnf and change: MinProtocol = TLSv1.2 to: MinProtocol = TLSv1 Note that you can also change the cipher string in that file, from CipherString = DEFAULT@SECLEVEL=2 to CipherString = DEFAULT@SECLEVEL=1 But I recommend that you do it in the wpa config file if you can instead, so that only the security of that connection is lowered.
