It seems that the openssl update to version 1.0.1f has denied access to wireless due to ClearPass having a DH key that is below the 768 key length. I have installed several ssl patches but we are still having issues with the key negotiation. Does anyone know which patch will fix this ssl negotiation issue we are seeing. I would assume it would be an openssl update from the current 1.0.1e that we have on our ClearPass boxes to the 1.0.1f that is currently out.
Digging into this issue there is a work around to solve the connectivity issues. The radiusd.conf file is currently pointed to a dh512.pem file which is a dh key of 512. If you use openssl and create a new file with a min. key size of 768 you can replace the original file and restart the radius service. Obviously its better to have Aruba make this change or create a patch for this issue.
Creating a new file
openssl dhparam -check -text -5 768 -out dh512.pem
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.