Package: wpasupplicant
Version: 2:2.4-1+deb9u1
Followup-For: Bug #911297

See /usr/share/doc/libssl1.1/NEWS.Debian.gz and try editing the end of
/etc/ssl/openssl.cnf:

MinProtocol = None
CipherString = DEFAULT

I believe OpenSSL clients can call SSL_CONF_cmd(3ssl) in order to change
the new defaults (TLSv1.2, security level 2) back to something more
permissive. wpasupplicant should probably be doing this because
enterprise networks are not going to upgrade to anything as new as
TLSv1.2 (2008) overnight.

For bonus points, the minimum TLS version and CipherString could be
exposed in NetworkManager's GUI and passed down to wpasupplicant, but
that's way too much work given that we're about to freeze for buster!

-- System Information:
Debian Release: 9.6
  APT prefers stable-updates
  APT policy: (540, 'stable-updates'), (540, 'stable'), (520, 'testing'), (510, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-6-686-pae (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages wpasupplicant depends on:
ii  adduser           3.115
ii  libc6             2.24-11+deb9u3
ii  libdbus-1-3       1.10.26-0+deb9u1
ii  libnl-3-200       3.2.27-2
ii  libnl-genl-3-200  3.2.27-2
pn  libpcsclite1      <none>
ii  libreadline7      7.0-3
ii  libssl1.0.2       1.0.2l-2+deb9u3
ii  libssl1.1         1.1.0f-3+deb9u2
ii  lsb-base          9.20161125

wpasupplicant recommends no packages.

Versions of packages wpasupplicant suggests:
pn  libengine-pkcs11-openssl  <none>
pn  wpagui                    <none>