I am using networkmanager with wpa supplicant backend.
Also, looks like I was using unstable, which is my bad. It works with stable (22.05) but I’m worried whatever was changed will break again when 22.11 releases.
It probably will! Looking at that bug report this is caused by wpa_supplicant being built with openssl 3+, which marks TLS 1.1 as insecure for good reasons (mainly its use of insecure hashing algorithms). Unstable has switched to openssl 3, and 22.11 will most likely be using that too.
The correct thing to do is to upgrade whatever router you’re trying to connect to, that thing is a hazard.
Alternatively, if you have no control over this, you can either:
networkmanager does not support passing this configuration apparently, but maybe you can find something. I’ve always just stuck to wpa_supplicant personally, it’s much simpler.
Downgrade the version of openssl wpa_supplicant is built with by overriding it with openssl_1_1
Probably the worst option security-wise, and probably won’t stick long-term?
I tried adding the cipher and enabling tlsv1.1, no success. Maybe I should look at debian’s patches into wpa_supplicant?
But yeah, both of the first 2 don’t work and I’m wondering if I really want to downgrade openssl to 1.1
I’ve looked around for a pure configuration setting, but I think that patch is much easier to do. You’d apparently have to create a separate openssl config file.
Networkmanager should continue to work if you use that patch, too. But I’d definitely suggest asking whoever maintains this network to look at updating their infrastructure in the long run.
I followed the link and managed to add a patch to wpa_supplicant but I still cant get authorized in my office network. Did you adjusted anything in your system? Did you create a new openssl confi file?