mirror of https://gitee.com/openkylin/wpa.git
Enable TLSv1.0 by default
OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2. Some older networks may support for TLSv1.0 and less secure cyphers. Gbp-Pq: Name allow-tlsv1.patch
This commit is contained in:
parent
3ef10df2ab
commit
e5c63b5ab3
|
@ -1035,6 +1035,13 @@ void * tls_init(const struct tls_config *conf)
|
||||||
os_free(data);
|
os_free(data);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef EAP_SERVER_TLS
|
||||||
|
/* Enable TLSv1.0 by default to allow connecting to legacy
|
||||||
|
* networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
|
||||||
|
SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
|
||||||
|
#endif
|
||||||
|
|
||||||
data->ssl = ssl;
|
data->ssl = ssl;
|
||||||
if (conf) {
|
if (conf) {
|
||||||
data->tls_session_lifetime = conf->tls_session_lifetime;
|
data->tls_session_lifetime = conf->tls_session_lifetime;
|
||||||
|
|
Loading…
Reference in New Issue