Wpa supplicant: Difference between revisions
imported>Oddlama m Fix indenting |
imported>Joeriexelmans Add example of setting OpenSSL's SECLEVEL=0 |
||
| Line 111: | Line 111: | ||
''; | ''; | ||
}; | }; | ||
</syntaxHighlight> | |||
== Fixing "legacy sigalg disallowed or unsupported" == | |||
When connecting to an institutional network fails, and something similar to following lines appear in the system log: | |||
<syntaxHighlight> | |||
mrt 31 17:17:19 t14 wpa_supplicant[727029]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error | |||
mrt 31 17:17:19 t14 wpa_supplicant[727029]: OpenSSL: openssl_handshake - SSL_connect error:0A00014D:SSL routines::legacy sigalg disallowed or unsupported | |||
</syntaxHighlight> | |||
The cause is probably an outdated RADIUS server that uses an old (insecure) signature algorithm. A workaround can be to reduce OpenSSL's security setting to allow insecure ciphers. Add the following to your NixOS configuration: | |||
<syntaxHighlight lang=nixos> | |||
networking.wireless.extraConfig = '' | |||
openssl_ciphers=DEFAULT@SECLEVEL=0 | |||
''; | |||
</syntaxHighlight> | </syntaxHighlight> | ||