27 lines
1.0 KiB
Diff
27 lines
1.0 KiB
Diff
diff -u -r wpa_supplicant-2.9/src/crypto/tls_openssl.c wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c
|
|
--- wpa_supplicant-2.9/src/crypto/tls_openssl.c 2019-08-07 13:25:25.000000000 +0000
|
|
+++ wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c 2020-01-22 22:49:12.575598357 +0000
|
|
@@ -1035,6 +1035,13 @@
|
|
os_free(data);
|
|
return NULL;
|
|
}
|
|
+
|
|
+#ifndef EAP_SERVER_TLS
|
|
+ /* Enable TLSv1.0 by default to allow connecting to legacy
|
|
+ * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
|
|
+ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
|
|
+#endif
|
|
+
|
|
data->ssl = ssl;
|
|
if (conf) {
|
|
data->tls_session_lifetime = conf->tls_session_lifetime;
|
|
@@ -1577,6 +1584,7 @@
|
|
#ifdef SSL_OP_NO_COMPRESSION
|
|
options |= SSL_OP_NO_COMPRESSION;
|
|
#endif /* SSL_OP_NO_COMPRESSION */
|
|
+ options |= SSL_OP_NO_TICKET;
|
|
SSL_set_options(conn->ssl, options);
|
|
#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
|
|
/* Hopefully there is no need for middlebox compatibility mechanisms
|
|
Only in wpa_supplicant-2.9-tls/src/crypto: tls_openssl.c.orig
|