| 123456789101112131415161718192021222324252627 |
- diff -u -r wpa_supplicant-2.9/src/crypto/tls_openssl.c wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c
- --- wpa_supplicant-2.9/src/crypto/tls_openssl.c 2019-08-07 13:25:25.000000000 +0000
- +++ wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c 2020-01-22 22:49:12.575598357 +0000
- @@ -1035,6 +1035,13 @@
- os_free(data);
- return NULL;
- }
- +
- +#ifndef EAP_SERVER_TLS
- + /* Enable TLSv1.0 by default to allow connecting to legacy
- + * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
- + SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
- +#endif
- +
- data->ssl = ssl;
- if (conf) {
- data->tls_session_lifetime = conf->tls_session_lifetime;
- @@ -1577,6 +1584,7 @@
- #ifdef SSL_OP_NO_COMPRESSION
- options |= SSL_OP_NO_COMPRESSION;
- #endif /* SSL_OP_NO_COMPRESSION */
- + options |= SSL_OP_NO_TICKET;
- SSL_set_options(conn->ssl, options);
- #ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
- /* Hopefully there is no need for middlebox compatibility mechanisms
- Only in wpa_supplicant-2.9-tls/src/crypto: tls_openssl.c.orig
|
