As I was enrolling a few new devices last week they auto-updated to 45 before I could stop them from going past 44. Now they drop their Internet connection, give me a DHCP Lookup failed error, or won't connect at all. Any one else dealing with this? I've been in contact with both Google and Samsung.
Email Disclaimer: Pursuant to School Board policy and administrative guidelines, this e-mail system is the property of the Walnut Township Local School District. All users are cautioned that messages sent through this system are subject to the Public Records Law of the State of Ohio and subject to review by the school district. There should be no expectation of privacy. --
You received this message because you are subscribed to the Google Groups "Apps User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to appsusergrou...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
"I mean the engineers are working to get this resolved or find out a workaround, they opened a bug which doesn't really solves this problem, but it grants that they are working on this issue, for more detail about it, please visit https://code.google.com/p/chromium/issues/detail?id=510522.
1. What's happening?
- The main problem here is the Diffie Hellman weakness, this is a mathematical algorithm that is used to exchange a shared secret between two parties (i.e.: client and server). This shared secret can then be used to encrypt messages between the two parties and/or authenticate networks.
- With the recent wave of further SSL attacks on the tech community, Chrome OS and other systems are making moves to stop SSL clients from negotiating connections where the parameters have weak Diffie-Hellman (DH) keys.
2. Behavior:
- Customers affected by this issue are reporting that they are not able to connect to their PEAP/EAP-xxx networks. This is most likely due to the fact that an appliance in their environment is using a DH key with sub-1024 bit encryption (i.e.: radius server, vpn concentrator, etc.)
3. The workarounds given are:
- Upgrading the DH parameter file to 2048 bit -or-
- Use PPSK instead of EAP-xxx -or-
- Update firmware on appliance
4. What I would recommend:
- Contact your network administrator and certificate issuer to upgrade the DH parameter file to 2048 bit, this will increase your certificate quality and security and it will allow the connection to succeed.
5. For more details about the Diffie Hellman attacks, please visit https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html.
In the meantime, I'll keep this case open as I want to see the resolution, but please keep in mind that it all resides on the fact of the Diffie Hellman weakness and the recent SSL attacks. "
We also contacted our wireless vendor, Aerohive, and they also said they are working on it. This is what they said:
"The
newer releases of the Chromebook OS version 45 have increased the key size required
for the Diffie Hellman Key exchange.
This change has not yet been reflected in our APs library, and we do not yet
support the larger key size.
We are aware of this change, and are should have a solution soon.
At this time, the only workaround available would be to change the
authentication type to PPSK. "
Larry Dougher
Chief Information Officer
Information Technology Services
Windsor Southeast Supervisory Union
127 State Street, Windsor, VT 05089
Email | Google+ | Twitter | LinkedIn | 802.674.8336