Enable TLSv1.0 by default

OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2.
Some older networks may need support for TLSv1.0 and less secure ciphers.


Gbp-Pq: Name allow-tlsv1.patch
Andrej Shadura 2022-05-14 03:18:56 +08:00 committed by openKylinBot
parent 3ef10df2ab
commit e5c63b5ab3
1 changed files with 7 additions and 0 deletions


@ -1035,6 +1035,13 @@ void * tls_init(const struct tls_config *conf)
os_free(data); os_free(data);
return NULL; return NULL;
} }
#ifndef EAP_SERVER_TLS
/* Enable TLSv1.0 by default to allow connecting to legacy
* networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
#endif
data->ssl = ssl; data->ssl = ssl;
if (conf) { if (conf) {
data->tls_session_lifetime = conf->tls_session_lifetime; data->tls_session_lifetime = conf->tls_session_lifetime;
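Review bot: The added `SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION)` call lowers the protocol floor on every non-`EAP_SERVER_TLS` context unconditionally, so networks that never needed TLS 1.0 also stop rejecting it, and its return value is ignored. I would make the relaxation opt-in through configuration (the `conf` argument is already available here) or at least check the result, e.g. `if (SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION) != 1) { /* log: could not lower minimum TLS version */ }`. The comment also cites SECLEVEL=2, but nothing visible in this hunk changes the security level, so it should say that only the protocol minimum is relaxed and that cipher and key-size limits stay with the system policy. `tls_init` starts and ends outside the hunk, so a later per-connection override of the minimum version cannot be ruled out from here.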