After upgrading to Fedora 39 I am no longer able to connect to my dorm network that uses 802.1x TLS authentication.
I tried recreating the connection profile with no success.
I’m certain that certificates are valid - I generated new ones and they work on a Windows machine and on another laptop running Fedora 38.
I tested this with two laptops: Thinkpad T14s gen1 AMD and Thinkpad T14 gen3 AMD.
Network worked on both with Fedora 38 and stopped working after the upgrade.
Downgrading to Fedora 38 fixed the issue on both laptops, then upgrading to Fedora 39 broke things again.
One thing to note is that my dormitory apparently uses old crypto protocols, so I had to set crypto policies to DEFAULT:FEDORA32 to make it work back on Fedora 37 and 38. Now with Fedora 39 it won’t work at all regardless of crypto policies settings.
Here are logs from NetworkManager:
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5026] device (enp5s0f4u1u2): disconnecting for new activation request.
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5027] device (enp5s0f4u1u2): state change: activated -> deactivating (reason 'new-activation', sys-iface-state: 'managed')
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5028] manager: NetworkManager state is now CONNECTED_LOCAL
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5033] audit: op="connection-activate" uuid="5aeffe9e-3b2f-4ba9-84b0-f2dfa404e82c" name="TK" pid=3823 uid=1000 result="success"
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5327] device (enp5s0f4u1u2): state change: deactivating -> disconnected (reason 'new-activation', sys-iface-state: 'managed')
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5333] dhcp4 (enp5s0f4u1u2): canceled DHCP transaction
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5333] dhcp4 (enp5s0f4u1u2): activation: beginning transaction (timeout in 45 seconds)
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5333] dhcp4 (enp5s0f4u1u2): state changed no lease
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5720] device (enp5s0f4u1u2): Activation: starting connection 'TK' (5aeffe9e-3b2f-4ba9-84b0-f2dfa404e82c)
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5733] device (enp5s0f4u1u2): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5735] manager: NetworkManager state is now CONNECTING
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5736] device (enp5s0f4u1u2): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5741] device (enp5s0f4u1u2): Activation: (ethernet) connection 'TK' has security, but secrets are required.
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5741] device (enp5s0f4u1u2): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5742] device (enp5s0f4u1u2): Activation: (ethernet) asking for new secrets
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5758] device (enp5s0f4u1u2): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5759] device (enp5s0f4u1u2): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.5768] device (enp5s0f4u1u2): Activation: (ethernet) connection 'TK' requires no security. No secrets needed.
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.6147] device (enp5s0f4u1u2): supplicant interface state: internal-starting -> disconnected
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.6148] Config: added 'key_mgmt' value 'IEEE8021X'
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.6148] Config: added 'eapol_flags' value '0'
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.6148] Config: added 'eap' value 'TLS'
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.6148] Config: added 'fragment_size' value '1266'
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.6148] Config: added 'ca_cert' value '/home/roman/Documents/certs/root.pem'
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.6148] Config: added 'private_key' value '/home/roman/Documents/certs/user-qqmarian.pem'
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.6150] Config: added 'private_key_passwd' value '<hidden>'
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.6150] Config: added 'client_cert' value '/home/roman/Documents/certs/user-qqmarian.pem'
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.6150] Config: added 'identity' value 'qqmarian@mendelu.cz'
Nov 19 22:37:34 fedora-ics NetworkManager[1215]: <info> [1700429854.6210] device (enp5s0f4u1u2): supplicant interface state: disconnected -> associated
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <warn> [1700429879.5863] device (enp5s0f4u1u2): Activation: (ethernet) association took too long.
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.5864] device (enp5s0f4u1u2): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.5868] device (enp5s0f4u1u2): Activation: (ethernet) asking for new secrets
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.5884] device (enp5s0f4u1u2): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.5885] device (enp5s0f4u1u2): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.5893] device (enp5s0f4u1u2): Activation: (ethernet) connection 'TK' requires no security. No secrets needed.
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.6463] device (enp5s0f4u1u2): supplicant interface state: internal-starting -> disconnected
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.6463] Config: added 'key_mgmt' value 'IEEE8021X'
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.6463] Config: added 'eapol_flags' value '0'
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.6463] Config: added 'eap' value 'TLS'
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.6463] Config: added 'fragment_size' value '1266'
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.6463] Config: added 'ca_cert' value '/home/roman/Documents/certs/root.pem'
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.6464] Config: added 'private_key' value '/home/roman/Documents/certs/user-qqmarian.pem'
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.6464] Config: added 'private_key_passwd' value '<hidden>'
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.6464] Config: added 'client_cert' value '/home/roman/Documents/certs/user-qqmarian.pem'
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.6464] Config: added 'identity' value 'qqmarian@mendelu.cz'
Nov 19 22:37:59 fedora-ics NetworkManager[1215]: <info> [1700429879.6522] device (enp5s0f4u1u2): supplicant interface state: disconnected -> associated
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <warn> [1700429904.5840] device (enp5s0f4u1u2): Activation: (ethernet) association took too long.
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.5842] device (enp5s0f4u1u2): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.5845] device (enp5s0f4u1u2): Activation: (ethernet) asking for new secrets
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.5863] device (enp5s0f4u1u2): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.5865] device (enp5s0f4u1u2): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.5872] device (enp5s0f4u1u2): Activation: (ethernet) connection 'TK' requires no security. No secrets needed.
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.6427] device (enp5s0f4u1u2): supplicant interface state: internal-starting -> disconnected
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.6427] Config: added 'key_mgmt' value 'IEEE8021X'
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.6427] Config: added 'eapol_flags' value '0'
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.6427] Config: added 'eap' value 'TLS'
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.6427] Config: added 'fragment_size' value '1266'
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.6427] Config: added 'ca_cert' value '/home/roman/Documents/certs/root.pem'
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.6428] Config: added 'private_key' value '/home/roman/Documents/certs/user-qqmarian.pem'
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.6428] Config: added 'private_key_passwd' value '<hidden>'
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.6428] Config: added 'client_cert' value '/home/roman/Documents/certs/user-qqmarian.pem'
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.6428] Config: added 'identity' value 'qqmarian@mendelu.cz'
Nov 19 22:38:24 fedora-ics NetworkManager[1215]: <info> [1700429904.6486] device (enp5s0f4u1u2): supplicant interface state: disconnected -> associated
And here are wpa_supplicant logs:
Nov 19 23:01:08 fedora-ics wpa_supplicant[1317]: dbus: fill_dict_with_properties dbus_interface=fi.w1.wpa_supplicant1.Interface.P2PDevice dbus_property=P2PDeviceConfig getter failed
Nov 19 23:01:08 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: Associated with 01:80:c2:00:00:03
Nov 19 23:01:08 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Nov 19 23:01:10 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 19 23:01:11 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
Nov 19 23:01:11 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Nov 19 23:01:11 fedora-ics wpa_supplicant[1317]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
Nov 19 23:01:11 fedora-ics wpa_supplicant[1317]: OpenSSL: openssl_handshake - SSL_connect error:0A000102:SSL routines::unsupported protocol
Nov 19 23:01:12 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Nov 19 23:01:12 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 19 23:01:12 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
Nov 19 23:01:12 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Nov 19 23:01:12 fedora-ics wpa_supplicant[1317]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
Nov 19 23:01:12 fedora-ics wpa_supplicant[1317]: OpenSSL: openssl_handshake - SSL_connect error:0A000102:SSL routines::unsupported protocol
Nov 19 23:01:13 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Nov 19 23:01:13 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 19 23:01:13 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
Nov 19 23:01:13 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Nov 19 23:01:13 fedora-ics wpa_supplicant[1317]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
Nov 19 23:01:13 fedora-ics wpa_supplicant[1317]: OpenSSL: openssl_handshake - SSL_connect error:0A000102:SSL routines::unsupported protocol
Nov 19 23:01:14 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Nov 19 23:01:34 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-DISCONNECTED bssid=01:80:c2:00:00:03 reason=3 locally_generated=1
Nov 19 23:01:34 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="" auth_failures=1 duration=10 reason=AUTH_FAILED
Nov 19 23:01:34 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-DSCP-POLICY clear_all
Nov 19 23:01:34 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-DSCP-POLICY clear_all
Nov 19 23:01:34 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-DSCP-POLICY clear_all
Nov 19 23:01:34 fedora-ics wpa_supplicant[1317]: dbus: fill_dict_with_properties dbus_interface=fi.w1.wpa_supplicant1.Interface.P2PDevice dbus_property=P2PDeviceConfig getter failed
Nov 19 23:01:34 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: Associated with 01:80:c2:00:00:03
Nov 19 23:01:34 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
There are some errors regarding unsupported protocol versions. I’m just not sure if there is something I can do to fix it, or if it’s an issue in our dorm network or if it’s expected to work and therefore it’s a bug in Fedora 39.
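
A triage sketch for the wpa_supplicant log above, added here as an example and not part of the original post: it groups lines into EAP attempts and records which side sent the TLS alert (wpa_supplicant logs "write" for an alert sent by the local stack and "read" for one received from the peer). The function names triage and verdict are assumptions of this example, and the sample lines are constructed in the format of the log above.

```python
import re

# Constructed sample in the format of the wpa_supplicant log above.
SAMPLE = """\
Nov 19 23:01:10 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 19 23:01:11 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Nov 19 23:01:11 fedora-ics wpa_supplicant[1317]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
Nov 19 23:01:11 fedora-ics wpa_supplicant[1317]: OpenSSL: openssl_handshake - SSL_connect error:0A000102:SSL routines::unsupported protocol
Nov 19 23:01:12 fedora-ics wpa_supplicant[1317]: enp5s0f4u1u2: CTRL-EVENT-EAP-FAILURE EAP authentication failed
"""

ALERT = re.compile(r"SSL3 alert: (read|write) \([^)]*\):(\w+):(.+)$")
OSSL = re.compile(r"SSL_connect error:([0-9A-F]{8}):[^:]*:[^:]*:(.+)$")
METHOD = re.compile(r"CTRL-EVENT-EAP-METHOD EAP vendor \d+ method (\d+) \((\S+)\) selected")

def triage(text):
    """Split the log into EAP attempts and record how each one ended."""
    attempts, cur = [], None
    for line in text.splitlines():
        if "CTRL-EVENT-EAP-STARTED" in line:
            cur = {"method": None, "alert": None, "openssl": None, "result": "incomplete"}
            attempts.append(cur)
        if cur is None:
            continue  # ignore lines before the first EAP start
        if m := METHOD.search(line):
            cur["method"] = m.group(2)
        elif m := ALERT.search(line):
            # "write" = this host sent the alert; "read" = the peer sent it.
            side = "local" if m.group(1) == "write" else "peer"
            cur["alert"] = (side, m.group(2), m.group(3).strip())
        elif m := OSSL.search(line):
            cur["openssl"] = (m.group(1), m.group(2).strip())
        elif "CTRL-EVENT-EAP-FAILURE" in line:
            cur["result"] = "failure"
        elif "CTRL-EVENT-EAP-SUCCESS" in line:
            cur["result"] = "success"
    return attempts

def verdict(a):
    """One-line summary: which side aborted the TLS handshake, and why."""
    if a["result"] != "failure" or a["alert"] is None:
        return a["result"]
    side, level, desc = a["alert"]
    return f"{a['method']}: {side} side sent {level} alert '{desc}'"

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(verdict(a), a["openssl"])
```

A "local" verdict with a protocol version alert means the handshake was aborted by the client's own TLS library rather than by the authenticator.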