Ubuntu patch FYI

Danner, Mearl jmdanner at samford.edu
Tue Feb 25 18:43:16 CET 2020

Just got this from a wireless lan list:

"We has been struggling with a recent patch from Ubuntu that broke encrypted connections
between some of our internal servers.

Long story short: Ubuntu now uses GNU-TLS and the latest security patch has removed support for SHA-1.
Error messages in Ubuntu or in LDAP were not explicit enough to make it obvious.

Some of you may face this issue between RADIUS and LDAP (still used quite a bit for 802.1X).
This issue will most likely affect internally issued infrastructure certificates!

Fix: Do not patch GNU-TLS (is this a good idea?) or recreate your ROOT CA to support SHA-2 family"

More information about the Freeradius-Users mailing list