From: Jouni Malinen Date: Sun, 22 May 2022 17:01:35 +0300 Subject: OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1 Commit 9afb68b03976 ("OpenSSL: Allow systemwide secpolicy overrides for TLS version") with commit 58bbcfa31b18 ("OpenSSL: Update security level drop for TLS 1.0/1.1 with OpenSSL 3.0") allow this workaround to be enabled with an explicit network configuration parameter. However, the default settings are still allowing TLS 1.0 and 1.1 to be negotiated just to see them fail immediately when using OpenSSL 3.0. This is not exactly helpful especially when the OpenSSL error message for this particular case is "internal error" which does not really say anything about the reason for the error. It is is a bit inconvenient to update the security policy for this particular issue based on the negotiated TLS version since that happens in the middle of processing for the first message from the server. However, this can be done by using the debug callback for printing out the received TLS messages during processing. Drop the OpenSSL security level to 0 if that is the only option to continue the TLS negotiation, i.e., when TLS 1.0/1.1 are still allowed in wpa_supplicant default configuration and OpenSSL 3.0 with the constraint on MD5-SHA1 use. Signed-off-by: Jouni Malinen Bug-Debian: https://bugs.debian.org/1011121 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1958267 Origin: upstream, commit:bc99366f9b960150aa2e369048bbc2218c1d414e --- src/crypto/tls_openssl.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 6602ac64f591..78621d926dab 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -1557,6 +1557,15 @@ static void tls_msg_cb(int write_p, int version, int content_type, struct tls_connection *conn = arg; const u8 *pos = buf; +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + if ((SSL_version(ssl) == TLS1_VERSION || + SSL_version(ssl) == TLS1_1_VERSION) && + SSL_get_security_level(ssl) > 0) { + wpa_printf(MSG_DEBUG, + "OpenSSL: Drop security level to 0 to allow TLS 1.0/1.1 use of MD5-SHA1 signature algorithm"); + SSL_set_security_level(ssl, 0); + } +#endif /* OpenSSL version >= 3.0 */ if (write_p == 2) { wpa_printf(MSG_DEBUG, "OpenSSL: session ver=0x%x content_type=%d", -- 2.39.0