Raspbian update wpasupplicant (WIFI)


#1

I’m using webmin to update Raspbian on my system, explained here, chapter 4 / section 11.

Since I enabled automatic updates, I received a mail, content:

An update to wpasupplicant from 2.4-1+deb9u2 to 2.6-21~bpo9~rpt1 is needed.
This update has been successfully installed.

A second mail indicated:

wpasupplicant (2:2.6-19) unstable; urgency=medium

  With this release, wpasupplicant no longer respects the system
  default minimum TLS version, defaulting to TLSv1.0, not TLSv1.2. If
  you're sure you will never connect to EAP networks requiring anything less
  than 1.2, add this to your wpasupplicant configuration:

    tls_disable_tlsv1_0=1
    tls_disable_tlsv1_1=1

  wpasupplicant also defaults to a security level 1, instead of the system
  default 2. Should you need to change that, change this setting in your
  wpasupplicant configuration:

    openssl_ciphers=DEFAULT@SECLEVEL=2

  Unlike wpasupplicant, hostapd still respects system defaults.

 -- Andrej Shadura <andrewsh@debian.org>  Sat, 15 Dec 2018 14:22:18 +0100

According to wikipedia, this module handles authentication.

Q: what is the impact of wpasupplicant also defaults to a security level 1, instead of the system default 2


#2

This goes beyond pi-hole itself. You are dealing with wifi networking security in this question and my be best answered from where you got the guide from or the raspberry-pi support forums. In the guide you linked to there was a section on disabling the email from cron in section 14. Suppress pi-hole’s daily cron mail that may lead you in the right direction suppress update emails also.

https://www.raspberrypi.org/forums/


#3

I DON’T want to suppress these mails, they inform me of a change on the system.
The question isn’t about mail, the question is about a change in the security level of the system, witch, I suppose, is a concern to all pihole users.
Despite of what you may think, security is something that is important and impacts all systems, including pihole.

Sure, there may be an answer for this on the Raspbian forum, this doesn’t mean the developers have an opinion regarding the possible consequences.


#4

No opinion really, I don’t use things over wifi.


#5

This may be your best resource. A Pi-Hole forum may get you opinion, but the correct forum will get you information. For example:

https://www.raspberrypi.org/forums/viewtopic.php?t=235128


#6

This is an old post. Somebody noticed the same message I did and log an entry here .