Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-29 10:25:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/source/n/wpa_supplicant/patches/allow-tlsv1.patch

23 lines
666 B
Diff
Raw Normal View History

Fri Jan 4 21:44:44 UTC 2019 a/hwdata-0.319-noarch-1.txz: Upgraded. d/doxygen-1.8.14-x86_64-3.txz: Upgraded. Reverted (for now) to avoid segfault in doxygen-1.8.15. l/libwpg-0.3.3-x86_64-1.txz: Upgraded. l/libxml2-2.9.9-x86_64-1.txz: Upgraded. l/libxslt-1.1.33-x86_64-1.txz: Upgraded. l/python-pillow-5.4.0-x86_64-1.txz: Upgraded. x/xterm-342-x86_64-1.txz: Upgraded. testing/packages/wpa_supplicant-2.7-x86_64-3.txz: Rebuilt. Apply TLSv1 patch from Debian and make some config changes to fix WPA2-Enterprise. Once we have some testing results on this we'll consider moving it back into the main tree. Thanks to gablek.
2019-01-04 22:44:44 +01:00
From: Andrej Shadura <andrewsh@debian.org>
Subject: Enable TLSv1.0 by default
OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2.
Some older networks may support for TLSv1.0 and less secure cyphers.
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -988,6 +988,13 @@
os_free(data);
return NULL;
}
+
+#ifndef EAP_SERVER_TLS
+ /* Enable TLSv1.0 by default to allow connecting to legacy
+ * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
+ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
+#endif
+
data->ssl = ssl;
if (conf)
data->tls_session_lifetime = conf->tls_session_lifetime;
Reference in a new issue Copy permalink