On Mon, Jan 04, 2016 at 02:46:43PM -0800, Adam Jacobs wrote: > My laptop runs Ubuntu, and when I reproduced the error, it was invoking wpa_supplicant via NetworkManager. Of course, to test disabling TLS1.2, I had to shut off NetworkManager and invoke wpa_supplicant manually. > > What I've now discovered is that if I invoke wpa_supplicant manually, everything works fine even if I DON'T disable TLS1.2. You might want to try to test this with NetworkManager and just increasing debug verbosity for wpa_supplicant, e.g., by killing the existing wpa_supplicant process and starting another one with something like "-dddtu -f /tmp/wpas.log" on the command line. > My config looks like this: > > network={ > ssid="Mocana-SECURE" > key_mgmt=WPA-EAP > eap=PEAP > identity="ajacobs" > password="**********" > phase2="auth=MSCHAPV2" > ca_cert="/usr/local/etc/MocanaRoot.pem" > } Based on couple of logs that Dan pointed me to, the only real differences to that with NM would be addition of fragment_size=1300 (or something around that value) and proactive_key_caching=1. I don't know how either of these would cause the issue, but well, I guess it is worth trying these (or that debugging mechanism with NM mentioned above). In any case, I don't think I can do much more without the issue being reproduced with verbose debugging enabled in wpa_supplicant. > So it must be something about the way NetworkManager is calling/managing NetworkSupplicant that causes this failure. Unfortunately I don't know of any way to debug that further, and as I've shown wpa_supplicant to be working properly it is probably no longer the domain of this group, Still, I'm happy to take suggestions if anyone has any ideas for debugging further. NM should not be able to configure wpa_supplicant in a way that causes this type of interop issues, so I'd interpret that a bit differently: at least one configuration of wpa_supplicant works, but something else in the configuration or timing or whatever makes this fail in some other cases. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap