One of my power-users just reported the same issue. PCAP shows that the client sends a Handshake Failure immediately after receiving the ClearPass server's RADIUS certificate.
Log from the client:
deauthenticated from <BSSID Here> (Reason: 23=IEEE8021X_FAILED)
Log from ClearPass:
EAP-PEAP: fatal alert by client - handshake_failure
TLS Handshake failed in SSL_read with error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
eap-tls: Error in establishing TLS session
This is due to a long-coming change in OpenSSL that removed what they consider to be legacy support.
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1963834
I expect that this will affect other OSes that also use OpenSSL as they get updated.
------------------------------
Bryan Ward
------------------------------
Original Message:
Sent: Apr 29, 2022 05:17 PM
From: Scott Bertilson
Subject: problems with Ubuntu 22.04 connecting using EAP (related to TLS vulnerability addressed by RFC 5746)
Wondering if others have run into this issue which, from what I can tell, isn't an OpenSSL issue, but is just now being seen because recently OpenSSL has addressed a MITM vulnerability with "unsafe legacy renegotiation" in TLS.
Some background:
https://www.ethohampton.com/2022/04/ubuntu-2204-legacy-wifi-authentication/
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267
I haven't yet found any information related to this issue after a look around the community here and web search.
We've raised it with our SE to see what he can find out for us.
------------------------------
Scott Bertilson
------------------------------