OpenSSL: Add option to disable ECDHE with Suite B RSA

The hostapd.conf tls_flags=[SUITEB-NO-ECDH] and wpa_supplicant network
profile phase1="tls_suiteb_no_ecdh=1" can now be used to configure Suite
B RSA constraints with ECDHE disabled. This is mainly to allow
the DHE TLS cipher suite to be tested.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2017-09-17 21:31:01 +03:00 committed by Jouni Malinen
parent 4eb8cfe06b
commit 2ed70c7586
4 changed files with 24 additions and 7 deletions


@ -88,6 +88,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
params->flags |= TLS_CONN_SUITEB;
if (os_strstr(txt, "tls_suiteb=0"))
params->flags &= ~TLS_CONN_SUITEB;
if (os_strstr(txt, "tls_suiteb_no_ecdh=1"))
params->flags |= TLS_CONN_SUITEB_NO_ECDH;
if (os_strstr(txt, "tls_suiteb_no_ecdh=0"))
params->flags &= ~TLS_CONN_SUITEB_NO_ECDH;
}
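Review bot: The two added os_strstr() checks set or clear TLS_CONN_SUITEB_NO_ECDH independently of TLS_CONN_SUITEB, so a phase1 string carrying tls_suiteb_no_ecdh=1 without tls_suiteb enabled still leaves the new flag set; either ignore it in that case or document what the flag means on its own. Because these are substring tests, like the tls_suiteb=0 check above them, a value such as tls_suiteb_no_ecdh=10 also sets the flag, and a string containing both tls_suiteb_no_ecdh=1 and tls_suiteb_no_ecdh=0 ends with the flag cleared since the =0 test runs last. The commit message says the option is mainly for testing the DHE cipher suite, so a short comment at these lines or in the configuration documentation saying so would help keep it out of production network profiles.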