Security

Reply
New Contributor

Ubuntu Openssl update broke Wireless connectivity

It seems that the openssl update to version 1.0.1f has denied access to wireless due to ClearPass having a DH key that is below the 768 key length.  I have installed several ssl patches but we are still having issues with the key negotiation.  Does anyone know which patch will fix this ssl negotiation issue we are seeing.  I would assume it would be an openssl update from the current 1.0.1e that we have on our ClearPass boxes to the 1.0.1f that is currently out.

New Contributor

Re: Ubuntu Openssl update broke Wireless connectivity

Digging into this issue there is a work around to solve the connectivity issues.  The radiusd.conf file is currently pointed to a dh512.pem file which is a dh key of 512.  If you use openssl and create a new file with a min. key size of 768 you can replace the original file and restart the radius service.  Obviously its better to have Aruba make this change or create a patch for this issue.  

 

Creating a new file

openssl dhparam -check -text -5 768 -out dh512.pem

 

File Location

/var/avenda/tips/tips/radconfig/certs

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: