OpenSSL: Add option to disable use of TLSv1.0
The new phase1 config parameter value tls_disable_tlsv1_0=1 can now be used to disable use of TLSv1.0 for a network configuration. This can be used to force a newer TLS version to be used. For example, phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1" would indicate that only TLS v1.2 is accepted. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
2456264fad
commit
5650d379a3
4 changed files with 12 additions and 0 deletions
|
@ -68,6 +68,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
|
|||
params->flags |= TLS_CONN_DISABLE_SESSION_TICKET;
|
||||
if (os_strstr(txt, "tls_disable_session_ticket=0"))
|
||||
params->flags &= ~TLS_CONN_DISABLE_SESSION_TICKET;
|
||||
if (os_strstr(txt, "tls_disable_tlsv1_0=1"))
|
||||
params->flags |= TLS_CONN_DISABLE_TLSv1_0;
|
||||
if (os_strstr(txt, "tls_disable_tlsv1_0=0"))
|
||||
params->flags &= ~TLS_CONN_DISABLE_TLSv1_0;
|
||||
if (os_strstr(txt, "tls_disable_tlsv1_1=1"))
|
||||
params->flags |= TLS_CONN_DISABLE_TLSv1_1;
|
||||
if (os_strstr(txt, "tls_disable_tlsv1_1=0"))
|
||||
|
|
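Review bot: The new `tls_disable_tlsv1_0=0` test runs after the `=1` test, and both are unanchored `os_strstr()` matches, so a phase1 string that contains both values ends with TLS_CONN_DISABLE_TLSv1_0 cleared and TLSv1.0 still allowed, whichever value was written last. For a hardening switch that is the fail-open direction. It mirrors the existing tls_disable_session_ticket and tls_disable_tlsv1_1 handling, so at minimum I would document it above the new lines with `/* Substring match: if both =1 and =0 appear in phase1, =0 wins and TLSv1.0 stays enabled */`. The commit title scopes the change to OpenSSL and the other three changed files are not shown here, so it is worth confirming that a build with a different TLS backend does not accept the parameter silently without enforcing it. eap_tls_params_flags() starts and ends outside this hunk.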