diff -u -r wpa_supplicant-2.9/src/crypto/tls_openssl.c wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c
--- wpa_supplicant-2.9/src/crypto/tls_openssl.c 2019-08-07 13:25:25.000000000 +0000
+++ wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c 2020-01-22 22:49:12.575598357 +0000
@@ -1035,6 +1035,13 @@
os_free(data);
return NULL;
}
+
+#ifndef EAP_SERVER_TLS
+ /* Enable TLSv1.0 by default to allow connecting to legacy
+ * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
+ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
+#endif
+
data->ssl = ssl;
if (conf) {
data->tls_session_lifetime = conf->tls_session_lifetime;
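Review bot: The added `SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);` lowers the protocol floor to TLS 1.0 for every context in a build without EAP_SERVER_TLS, with no per-network opt-in, so networks that can negotiate TLS 1.2 also lose the distribution's minimum-version policy. The call's return value is ignored, and the comment cites SECLEVEL=2 although nothing in this hunk changes the security level, so the comment promises more than the line does. I would make the override conditional on an explicit configuration setting and check the result, e.g. `if (SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION) != 1) wpa_printf(MSG_DEBUG, "OpenSSL: Failed to set minimum TLS version");`. If this tree is still built against OpenSSL releases older than 1.1.0, the call presumably also needs a version guard. The enclosing function starts and ends outside the hunk.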
@@ -1577,6 +1584,7 @@
#ifdef SSL_OP_NO_COMPRESSION
options |= SSL_OP_NO_COMPRESSION;
#endif /* SSL_OP_NO_COMPRESSION */
+ options |= SSL_OP_NO_TICKET;
SSL_set_options(conn->ssl, options);
#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
/* Hopefully there is no need for middlebox compatibility mechanisms
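Review bot: `options |= SSL_OP_NO_TICKET;` is added with no comment and without the `#ifdef` guard that the neighbouring `SSL_OP_NO_COMPRESSION` line uses, and it switches off session tickets for every connection set up here. EAP methods that rely on the TLS SessionTicket extension may be affected unless later code clears the option again, which cannot be confirmed from this hunk. I would write it as `#ifdef SSL_OP_NO_TICKET` / `options |= SSL_OP_NO_TICKET;` / `#endif /* SSL_OP_NO_TICKET */`, preceded by a comment stating why tickets are disabled in this build. The enclosing function begins and ends outside the hunk.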
Only in wpa_supplicant-2.9-tls/src/crypto: tls_openssl.c.orig