openkylin
/
wpa
mirror of https://gitee.com/openkylin/wpa.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Enable TLSv1.0 by default 

OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2.
Some older networks may support for TLSv1.0 and less secure cyphers.


Gbp-Pq: Name allow-tlsv1.patch
This commit is contained in:
Andrej Shadura 2022-05-14 03:18:56 +08:00 committed by openKylinBot
parent 3ef10df2ab
commit e5c63b5ab3
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/crypto/tls_openssl.c
View File

@ -1035,6 +1035,13 @@ void * tls_init(const struct tls_config *conf)
os_free(data);
return NULL;
}
#ifndef EAP_SERVER_TLS
/* Enable TLSv1.0 by default to allow connecting to legacy
* networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
#endif
data->ssl = ssl;
if (conf) {
data->tls_session_lifetime = conf->tls_session_lifetime;