Problem with WEP in the WLAN configuration (2. version)

softfriese · 29 March 2023 13:05

REPRODUCIBILITY: Yes
OS VERSION: OS 4.5
HARDWARE: Sony Xperia XA
UI LANGUAGE: German
REGRESSION: ??

DESCRIPTION:

I want connect to WIDI-WLAN with WEP-Encryption.
(I can’t switch the system to WPA2!)
With my IntexAquafish it works well with an passwort in HEXMode.
The new Sailfish OS works with ASCII-Mode.
I tried additionally starting with $ and Ox, it don’t works!

PRECONDITIONS:

I tried anouter WIFI with WPA2.
It works.
Therefore WLAN-System ist ok, only WEP don’t works correctly

STEPS TO REPRODUCE:

Stop WLAN
Start WLAN
I write the password and then I read the information (in German), in short:
Sorry. No network possible.
In German:
Entschuldigung. Ledier konnte keine Verbindung zum ausgewählten Netzwerk hergestellt werden.

EXPECTED RESULT:

Connecting to the network

ACTUAL RESULT:

MODIFICATIONS:

This is a new installed Sailfish on my smartphone.

ADDITIONAL INFORMATION:

nephros · 29 March 2023 15:45

Maybe it’s possible to work around the problem using this trick:

not too sure though.

Are you sure it’s because of the password? Usually the wizard should say ‘password incorrect’ or so, not ’ no connection possible’.

softfriese · 30 March 2023 15:12

No, I am not sure.
In the meantime, I have the feeling that it is something else:

I was able to change the password and entered a password that I could also enter as an ASCII string. I get the same error message.
If I enter a completely wrong password, I get the information that the password is wrong.

So it is something else!
But I set up the access the same way as I did with my Intex Aquafish with Sailfish.

But I can not see what is different with the two devices.
This is just stupid!!!

nephros · 30 March 2023 15:29

What channel(s) is the WLAN working on?

softfriese · 30 March 2023 15:46

Now it works on Channel 3

ohnonot · 31 March 2023 11:07

Try disabling encryption completely on the router. Only for a short time obviously, for troubleshooting.

Does it work then?

softfriese · 31 March 2023 14:32

Without Encryption the connection works without problems.

softfriese · 1 April 2023 12:58

I have tested a little bit more.
I have a HUAWEI Router for the mobile-net.
With a WEP-Encrpytion I get the same error-message.
There must be a bug into the Sailfish-OS netstack for the WEP-Encryption.

ohnonot · 1 April 2023 15:32

OK, good to narrow it down.

Unfortunately I have never, ever used WEP, but we can do more troubleshooting.

Basically, do this:

devel-su journalctl -b -f

You can do it in a terminal on the device or securely enable SSH access.

Get a visual divider by pressing Enter a few times, then reproduce the problematic behavior, then Ctrl-C out of the command.

You should now have a fairly compact block of log messages that should somehow reflect the problem you are having.

nephros · 1 April 2023 19:34

This README has some info on how to turn on debugging in connman:

softfriese · 2 April 2023 08:49

The system repeats following error message:

[wpa_supplicant][…]__wlan_hdd_cfg80211_sched_scan_start: 3475: Network input is not correct
Sonyfish wpa_supplicant[4658]: wlan0: Failed to initiate sched scan
Sonyfish kernel: PMI: smblib_get_apsd_result: APSD not done yet.

(Sonyfish is the hostname of my device)

Inte · 2 April 2023 09:25

Can you switch friom wep to unencrypted? Maybe that would do the trick.

softfriese · 2 April 2023 09:50

I have tested the device also with the uncrypted router.
Then the device was connected to the net.

nephros · 2 April 2023 13:04

Is it possible that this fails because WEP needs RC4 and that has been disabled in openssl-1.x?

Can you try

openssl ciphers | grep RC4

on both SFOS phones, the working one and the nonworking one?

attah · 2 April 2023 15:09

Seems it is even disabled in wpa_supplicant:

github.com

sailfishos/wpa_supplicant/blob/b5123e537a51b136bcfa087c77d2ec0d90f5d004/rpm/build-config#L625

      
        
            # DPP version 3 support (experimental and still changing; do not enable for
            # production use)
            #CONFIG_DPP3=y
            
            
# Wired equivalent privacy (WEP)
            # WEP is an obsolete cryptographic data confidentiality algorithm that is not
            # considered secure. It should not be used for anything anymore. The
            # functionality needed to use WEP is available in the current wpa_supplicant
            # release under this optional build parameter. This functionality is subject to
            # be completely removed in a future release.
            #CONFIG_WEP=y
            
            
# Remove all TKIP functionality
            # TKIP is an old cryptographic data confidentiality algorithm that is not
            # considered secure. It should not be used anymore for anything else than a
            # backwards compatibility option as a group cipher when connecting to APs that
            # use WPA+WPA2 mixed mode. For now, the default wpa_supplicant build includes
            # support for this by default, but that functionality is subject to be removed
            # in the future.
            #CONFIG_NO_TKIP=y

Can’t help but agree with the comment… WPA has been available for 20 years this year after all.

And if anyone really wanted to know, the package builds fine after changing that.

softfriese · 2 April 2023 16:35

There is no command
openssl
in both devices!
There is only a directory
/usr/lib/openssl

nephros · 2 April 2023 17:03

There is a package called openssl or openssl-tools which provides that command.

But @attah seems to have found the real reason, so you don’t need to bother with this any more. Thanks for trying though.

Inte · 2 April 2023 18:25

Switching to unencrypted permanently is not an option? WEP encryption doesn’t make any sense these days and you can achive a similar grade of ‘pseudo’ security by simply hiding the unencrypted network:)

softfriese · 8 April 2023 11:38

I have found a (somewhat unsatisfactory) solution for myself:
I got myself a small repeater, which now sets up a second WIFI network with WPA2 in bridge mode and forwards the data to the first WIFI network.
This way, the rest of the network can continue to run as before.
Even though WEP has security flaws, it’s better than nothing. I don’t leave a bicycle unlocked just because my lock isn’t optimal.

My general view on this problem is:
Obviously there is a bug in the Sailfish system.
Either it will be fixed or the WEP option will no longer be offered.

attah · 8 April 2023 12:28

Why do you need WEP anyway?