Public bug reported:
Hello,
It would seem that wpa_supplicant, when used on a wired connection for 802.1x
authentication, does not operate correctly on a Jammy system when FIPS is
enabled (either fips or fips-updates). It's unclear what precisely is going on,
but based on the logs we've seen thus far, it would appear that wpa_supplicant
is failing to negotiate the connection (possibly due to disabled alg's):
---
wpa_supplicant[19782]: SSL: SSL3 alert: write (local SSL3 detected an
error):fatal:internal error
wpa_supplicant[19782]: OpenSSL: openssl_handshake - SSL_connect
error:1C800073:Provider routines::invalid data
wpa_supplicant[19782]: OpenSSL: pending error:
error:0A0C0103:SSLroutines::internal error
---
In this particular example, the upstream radius server and certificates
being used for authentication have all been verified to be FIPS-
compliant, and other networked devices are in FIPS mode and are able to
authenticate against it. There has been some recent patches pushed
upstream to this as well[1] that may be related here too.
This connection is confirmed to otherwise be working fine when FIPS mode
is disabled.
Thank you!
1. Description: Ubuntu 22.04.4 LTS
2. ii wpasupplicant 2:2.10-6ubuntu2
amd64 client support for WPA and WPA2 (IEEE 802.11i)
3. Connection is successful
4. Connection fails to negotiate
[1] https://lists.infradead.org/pipermail/hostap/2024-July/042827.html
** Affects: wpasupplicant (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2074225
Title:
wpa_supplicant on wired connection on FIPS fails to connect
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/2074225/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
