diff options
Diffstat (limited to 'source/n/wpa_supplicant/patches/allow-tlsv1.patch')
| -rw-r--r-- | source/n/wpa_supplicant/patches/allow-tlsv1.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/source/n/wpa_supplicant/patches/allow-tlsv1.patch b/source/n/wpa_supplicant/patches/allow-tlsv1.patch new file mode 100644 index 00000000..eb5fb781 --- /dev/null +++ b/source/n/wpa_supplicant/patches/allow-tlsv1.patch @@ -0,0 +1,22 @@ +From: Andrej Shadura <andrewsh@debian.org> +Subject: Enable TLSv1.0 by default + +OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2. +Some older networks may support for TLSv1.0 and less secure cyphers. + +--- a/src/crypto/tls_openssl.c ++++ b/src/crypto/tls_openssl.c +@@ -988,6 +988,13 @@ + os_free(data); + return NULL; + } ++ ++#ifndef EAP_SERVER_TLS ++ /* Enable TLSv1.0 by default to allow connecting to legacy ++ * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */ ++ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION); ++#endif ++ + data->ssl = ssl; + if (conf) + data->tls_session_lifetime = conf->tls_session_lifetime; |