Hi, Using HostAPd 2.6, compiled with OpenSSL 1.1 (1.1.0f-5) and Android 6.0 as client, EAP authentication fails with: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version OpenSSL: openssl_handshake - SSL_connect error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol Here is the complete log: Configuration file: hostapd.conf Using interface wlan0 with hwaddr d2:19:32:45:67:8e and ssid "hostapd" wlan0: interface state UNINITIALIZED->ENABLED wlan0: AP-ENABLED wlan0: STA a4:23:45:67:89:0a IEEE 802.11: authenticated wlan0: STA a4:23:45:67:89:0a IEEE 802.11: associated (aid 1) wlan0: CTRL-EVENT-EAP-STARTED a4:23:45:67:89:0a wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1 wlan0: CTRL-EVENT-EAP-STARTED a4:23:45:67:89:0a wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1 wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version OpenSSL: openssl_handshake - SSL_connect error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol wlan0: CTRL-EVENT-EAP-FAILURE a4:23:45:67:89:0a wlan0: STA a4:23:45:67:89:0a IEEE 802.1X: authentication failed - EAP type: 0 (unknown) wlan0: STA a4:23:45:67:89:0a IEEE 802.1X: Supplicant used different EAP type: 25 (PEAP) wlan0: STA a4:23:45:67:89:0a IEEE 802.11: deauthenticated due to local deauth request A similar issue affected Freeradius: http://freeradius.1045715.n5.nabble.com/FreeRADIUS-3-0-15-fails-to-respond-with-TLS-1-0-Debian-testing-td5747111.html The solution was to use SSL_CTX_set_max_proto_version and SSL_CTX_set_min_proto_version as you can see on https://github.com/FreeRADIUS/freeradius-server/commits/v3.0.x/src/main/tls.c (anything on or after September 8 2017). Best regards, Thomas _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
