@simonesestito
Last active April 15, 2024 12:35
eduroam connection fix

Error

journalctl --boot --unit wpa_supplicant.service --follow

wpa_supplicant[888]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version

wpa_supplicant[888]: OpenSSL: openssl_handshake - SSL_connect error:0A000102:SSL routines::unsupported protocol

These messages may indicate that the network you're trying to connect to requires a very old protocol version. If the missing one is TLSv1.0, the following fix will make the connection work again. It re-enables TLSv1.0 only for the connection profile you modify.

Fix

Automatic fix (recommended)

nmcli con mod id <YOUR_SSID> 802-1x.phase1-auth-flags 32

Make sure to replace <YOUR_SSID> with the actual SSID of the network affected by the error above. Note that `id` matches the name of the NetworkManager connection profile, which is usually the same as the SSID. For example, in the specific case of eduroam, the command is:

nmcli con mod id eduroam 802-1x.phase1-auth-flags 32

Big thanks to @yrro for the easy-to-use command and the explanation.

Manual editing

  1. Add the following line in /etc/NetworkManager/system-connections/YOUR_NETWORK_NAME.nmconnection, under the [802-1x] section:

phase1-auth-flags=32

  2. Restart services:

sudo systemctl restart NetworkManager.service
sudo systemctl restart wpa_supplicant.service
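
To review afterwards which saved profiles carry this TLSv1.0 exception, the following added example (not part of the original gist) scans NetworkManager keyfiles for the tls-1-0-enable bit in the [802-1x] section. The function names and the sample profile are constructed for illustration, and it assumes the flags are stored as a decimal integer, as in the phase1-auth-flags=32 line above.

```sh
#!/bin/sh
# Added example (not from the gist): flag NetworkManager keyfiles whose
# [802-1x] section sets the tls-1-0-enable bit (0x20 = 32).
# Assumption: flags are stored as a decimal integer (phase1-auth-flags=32).
TLS10_ENABLE=32

# Print phase1-auth-flags from the [802-1x] section only; 0 when unset.
get_phase1_flags() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[802-1x\][ \t]*$/); next }
        in_sec && /^[ \t]*phase1-auth-flags[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (v ~ /^[0-9]+$/) val = v   # ignore malformed values
        }
        END { print (val == "" ? 0 : val) }
    ' "$1"
}

# Exit status 0 when the TLS 1.0 enable bit is set, 1 otherwise.
tls10_enabled() {
    flags=$(get_phase1_flags "$1")
    [ $(( $flags & $TLS10_ENABLE )) -ne 0 ]
}

# Print one line per profile; flagged profiles are the ones to review.
audit_profiles() {
    for f in "$@"; do
        if tls10_enabled "$f"; then echo "TLS1.0-ENABLED $f"; else echo "ok $f"; fi
    done
}

# Constructed sample profile (not a real one) for a self-contained run.
write_sample() {
    cat > "$1" <<'EOF'
[connection]
id=eduroam

[802-1x]
eap=peap;
phase1-auth-flags=32
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_profiles "$sample"
rm -f "$sample"
```

On a real system, call `audit_profiles /etc/NetworkManager/system-connections/*.nmconnection` as root, since those files are normally readable only by root.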
@infinanis

Is there some documentation regarding those 8021x auth flags? I've tried searching the internet but can't find anything.

@simonesestito
Author

> Is there some documentation regarding those 8021x auth flags?

I couldn't find anything either. The solution came from the Arch Linux forum.

@yrro

yrro commented Nov 10, 2023

FYI this should modify the connection without having to edit files/restart stuff:

$ nmcli con mod id <your connection name> 802-1x.phase1-auth-flags 32

As for the meaning of 32, this is 0x20 hexadecimal which according to the documentation corresponds to tls-1-0-enable

i.e., it enables the dreadfully out of date TLSv1.0 protocol which is perhaps still required by EduRoam.

@simonesestito
Author

@yrro Thanks a lot for your contribution, I've updated the gist
