From aa76206ad38b5491688c0885799bce89c0537911 Mon Sep 17 00:00:00 2001
From: Mart Lubbers <mart@martlubbers.net>
Date: Mon, 5 Nov 2018 10:09:49 +0100
Subject: [PATCH] Patch for eduroam ru

---
 index.html |  4 ++--
 nonm.html  | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/index.html b/index.html
index 4085507..8991b2d 100644
--- a/index.html
+++ b/index.html
@@ -171,7 +171,7 @@
 
 		<h3>Tutorials or manuals</h3>
 		<ul>
-			<li><a href="nonm.html">Wifi roaming without network manager</a></li>
+			<li><a href="nonm.html">Wifi roaming without network manager (includes eduroam ru instructions)</a></li>
 			<li><a href="thin.html">Using a HP t5710 thin client as a retro system</a></li>
 			<li><a href="dvorak.html">Dvorak page</a></li>
 		</ul>
@@ -196,6 +196,6 @@
 		<p>Valid XHTML 1.0 Strict</p>
 		<p>Best viewed with a screen resolution &gt;= 640x480 or &gt;=80x24 text mode in one of <a href="https://en.wikipedia.org/wiki/List_of_web_browsers">these browsers.</a></p>
 		<p>The source of this website can be found <a href="https://git.martlubbers.net/?p=martlubbers.net.git">here</a></p>
-		<p>Last updated: 2018-10-22</p>
+		<p>Last updated: 2018-11-05</p>
 	</body>
 </html>
diff --git a/nonm.html b/nonm.html
index 5baa473..55096e1 100644
--- a/nonm.html
+++ b/nonm.html
@@ -79,5 +79,44 @@ update_config=1
 		Note that it resides by default in <tt>/usr/sbin</tt>.
 		<tt>wpa_gui</tt> is a graphical frontend where you can add, remove, diagnose and change wireless networks with <em>almost</em> as much functionality as <tt>wpa_cli</tt>.
 		</p>
+
+		<h2><tt>eduroam</tt></h2>
+		<p>
+		Eduroam gives a nice configuration assistant tools nowadays that will generate a <tt>wpa_supplicant.conf</tt> entry for you.
+		Previously you could hash your password using md4 but I haven't tested whether this still works.
+		</p>
+
+		<h3>update: cat broken</h3>
+		The tool worked before&tm; but not anymore on my debian testing version.
+		Therefore I've pasted my config here for later reference.
+		You get the <tt>ca_cert</tt> from the assistant tool.
+		I might upload that here as well.
+		<pre>
+network={
+	ssid="eduroam"
+	proto=RSN
+	key_mgmt=WPA-EAP
+	pairwise=CCMP
+	auth_alg=OPEN
+	eap=PEAP
+	identity="YOURUSERNAME@ru.nl"
+	anonymous_identity="anonymous@ru.nl"
+	password="YOURPASSWORD"
+#	ca_cert="/home/mrl/.cat_installer/ca.pem"
+	domain_suffix_match="authenticatie.ru.nl"
+	phase2="auth=MSCHAPV2"
+}
+		</pre>
+		</p>
+
+		<h2><tt>openssl update</tt></h2>
+		<p>
+		The new version of openssl disables everything lower than TLSv1.2.
+		If you see errors in <tt>/var/log/syslog</tt> about <tt>TLS</tt> you have to allow lower version TLS versions by changing the last two lines in <tt>/etc/ssl/openssl.cnf</tt> to:
+		<pre>
+MinProtocol = TLSv1.0
+CipherString = DEFAULT@SECLEVEL=1
+		</pre>
+		</p>
 	</body>
 </html>
-- 
2.20.1