summaryrefslogtreecommitdiffstats
path: root/testing/source/wpa_supplicant/patches/allow-tlsv1.patch
blob: eb5fb7818aa9a0db9089dd15c1a2e6e5f57c6e53 (about) (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
From: Andrej Shadura <andrewsh@debian.org>
Subject: Enable TLSv1.0 by default

OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2.
Some older networks may support for TLSv1.0 and less secure cyphers.

--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -988,6 +988,13 @@
 		os_free(data);
 		return NULL;
 	}
+
+#ifndef EAP_SERVER_TLS
+	/* Enable TLSv1.0 by default to allow connecting to legacy
+	 * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
+	SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
+#endif
+
 	data->ssl = ssl;
 	if (conf)
 		data->tls_session_lifetime = conf->tls_session_lifetime;