DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

OpenSSL: Allow TLS v1.1 and v1.2 to be negotiated by default

Browse source 
Use SSLv23_method() to enable TLS version negotiation for any version
equal to or newer than 1.0. If the old behavior is needed as a
workaround for some broken authentication servers, it can be configured
with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1".

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-11-15 12:35:10 +02:00
parent 281ff42a01
commit 35efa2479f
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/crypto/tls_openssl.c
View file

@ -810,7 +810,7 @@ void * tls_init(const struct tls_config *conf)
} }
tls_openssl_ref_count++; tls_openssl_ref_count++;
ssl = SSL_CTX_new(TLSv1_method()); ssl = SSL_CTX_new(SSLv23_method());
if (ssl == NULL) { if (ssl == NULL) {
tls_openssl_ref_count--; tls_openssl_ref_count--;
#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
@ -824,6 +824,9 @@ void * tls_init(const struct tls_config *conf)
return NULL; return NULL;
} }
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
SSL_CTX_set_info_callback(ssl, ssl_info_cb); SSL_CTX_set_info_callback(ssl, ssl_info_cb);
#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
SSL_CTX_set_app_data(ssl, context); SSL_CTX_set_app_data(ssl, context);