53 lines
2.2 KiB
Diff
53 lines
2.2 KiB
Diff
From bc99366f9b960150aa2e369048bbc2218c1d414e Mon Sep 17 00:00:00 2001
|
|
From: Jouni Malinen <j@w1.fi>
|
|
Date: Sun, 22 May 2022 17:01:35 +0300
|
|
Subject: [PATCH] OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using
|
|
TLS 1.0/1.1
|
|
|
|
Commit 9afb68b03976 ("OpenSSL: Allow systemwide secpolicy overrides for
|
|
TLS version") with commit 58bbcfa31b18 ("OpenSSL: Update security level
|
|
drop for TLS 1.0/1.1 with OpenSSL 3.0") allow this workaround to be
|
|
enabled with an explicit network configuration parameter. However, the
|
|
default settings are still allowing TLS 1.0 and 1.1 to be negotiated
|
|
just to see them fail immediately when using OpenSSL 3.0. This is not
|
|
exactly helpful especially when the OpenSSL error message for this
|
|
particular case is "internal error" which does not really say anything
|
|
about the reason for the error.
|
|
|
|
It is is a bit inconvenient to update the security policy for this
|
|
particular issue based on the negotiated TLS version since that happens
|
|
in the middle of processing for the first message from the server.
|
|
However, this can be done by using the debug callback for printing out
|
|
the received TLS messages during processing.
|
|
|
|
Drop the OpenSSL security level to 0 if that is the only option to
|
|
continue the TLS negotiation, i.e., when TLS 1.0/1.1 are still allowed
|
|
in wpa_supplicant default configuration and OpenSSL 3.0 with the
|
|
constraint on MD5-SHA1 use.
|
|
|
|
Signed-off-by: Jouni Malinen <j@w1.fi>
|
|
---
|
|
src/crypto/tls_openssl.c | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
|
index 6602ac64f..78621d926 100644
|
|
--- a/src/crypto/tls_openssl.c
|
|
+++ b/src/crypto/tls_openssl.c
|
|
@@ -1557,6 +1557,15 @@ static void tls_msg_cb(int write_p, int version, int content_type,
|
|
struct tls_connection *conn = arg;
|
|
const u8 *pos = buf;
|
|
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
+ if ((SSL_version(ssl) == TLS1_VERSION ||
|
|
+ SSL_version(ssl) == TLS1_1_VERSION) &&
|
|
+ SSL_get_security_level(ssl) > 0) {
|
|
+ wpa_printf(MSG_DEBUG,
|
|
+ "OpenSSL: Drop security level to 0 to allow TLS 1.0/1.1 use of MD5-SHA1 signature algorithm");
|
|
+ SSL_set_security_level(ssl, 0);
|
|
+ }
|
|
+#endif /* OpenSSL version >= 3.0 */
|
|
if (write_p == 2) {
|
|
wpa_printf(MSG_DEBUG,
|
|
"OpenSSL: session ver=0x%x content_type=%d",
|