My ISP provides a wi-fi uplink that uses WPA2-EAP, but requires TLSv1.0 for the TLS version. Don't ask me why they do this, but is it possible to get a client mode connection up with TLSv1.0?
For reference, when I run wpa_supplicant directly on other devices, this can be done by adding phase1="tls_disable_tlsv1_0=0"
to the network
block in wpa_supplicant.conf.
I have removed wpad-mini and installed the wpad-openssl package.