Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Ubuntu Openssl update broke Wireless connectivity

  • 1.  Ubuntu Openssl update broke Wireless connectivity

    Posted Jul 27, 2015 12:16 PM

    It seems that the openssl update to version 1.0.1f has denied access to wireless due to ClearPass having a DH key that is below the 768 key length. I have installed several ssl patches but we are still having issues with the key negotiation. Does anyone know which patch will fix this ssl negotiation issue we are seeing? I would assume it would be an openssl update from the current 1.0.1e that we have on our ClearPass boxes to the 1.0.1f that is currently out.



  • 2.  RE: Ubuntu Openssl update broke Wireless connectivity
    Best Answer

    Posted Jul 28, 2015 01:54 PM

    Digging into this issue, there is a workaround to solve the connectivity issues. The radiusd.conf file is currently pointed to a dh512.pem file, which is a dh key of 512. If you use openssl and create a new file with a min. key size of 768, you can replace the original file and restart the radius service. Obviously it's better to have Aruba make this change or create a patch for this issue.

     

    Creating a new file

    openssl dhparam -check -text -5 -out dh512.pem 768

     

    File Location

    /var/avenda/tips/tips/radconfig/certs
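
One way to confirm that the replacement file really carries parameters of at least 768 bits before the radius service is restarted, as an added example that is not part of the original posts. The function names are hypothetical, and the script assumes `openssl dhparam -text` prints a header of the form `DH Parameters: (N bit)`.

```shell
#!/bin/sh
# Added example, not from the thread. MIN_BITS is the minimum named in the
# thread; function names are hypothetical.
MIN_BITS=768

# Read `openssl dhparam -text -noout` output on stdin and print the prime size.
# Assumption: the header line looks like "DH Parameters: (768 bit)", with or
# without a "PKCS#3 " prefix. Prints nothing when no such line is present.
dh_bits_from_text() {
    sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 when the size meets the minimum, 1 when it is too small,
# 2 when the size is empty or not a number.
dh_bits_ok() {
    bits=$1
    min=${2:-$MIN_BITS}
    case $bits in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$bits" -ge "$min" ]
}

# Check one PEM file and print a one-line verdict; same return codes as above.
check_dh_file() {
    file=$1
    min=${2:-$MIN_BITS}
    if [ ! -r "$file" ]; then
        echo "UNREADABLE $file"
        return 2
    fi
    bits=$(openssl dhparam -in "$file" -text -noout 2>/dev/null | dh_bits_from_text)
    if dh_bits_ok "$bits" "$min"; then
        echo "OK $file: $bits-bit DH parameters (minimum $min)"
    else
        rc=$?
        if [ "$rc" -eq 1 ]; then
            echo "WEAK $file: $bits-bit DH parameters (minimum $min)"
        else
            echo "UNPARSEABLE $file: not DH parameters, or unexpected openssl output"
        fi
        return "$rc"
    fi
}

# Usage: sh check_dh.sh <path-to-pem> [minimum-bits]
if [ "$#" -gt 0 ]; then check_dh_file "$@"; fi
```

Run it against the dh512.pem in the directory given above, both before and after replacing the file, to see the verdict change from WEAK to OK.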