diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 52db307d9..550a67f3f 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -2208,3 +2208,35 @@ def test_ap_wpa2_eap_non_ascii_identity2(dev, apdev):
 ev = dev[i].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=10)
 if ev is None:
 raise Exception("EAP method selection timed out")
+
+def test_openssl_cipher_suite_config_wpas(dev, apdev):
+ """OpenSSL cipher suite configuration on wpa_supplicant"""
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ eap_connect(dev[0], apdev[0], "TTLS", "pap user",
+ anonymous_identity="ttls", password="password",
+ openssl_ciphers="AES128",
+ ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
+ eap_connect(dev[1], apdev[0], "TTLS", "pap user",
+ anonymous_identity="ttls", password="password",
+ openssl_ciphers="EXPORT",
+ ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
+ expect_failure=True)
+
+def test_openssl_cipher_suite_config_hapd(dev, apdev):
+ """OpenSSL cipher suite configuration on hostapd"""
+ params = int_eap_server_params()
+ params['openssl_ciphers'] = "AES256"
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+ eap_connect(dev[0], apdev[0], "TTLS", "pap user",
+ anonymous_identity="ttls", password="password",
+ ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
+ eap_connect(dev[1], apdev[0], "TTLS", "pap user",
+ anonymous_identity="ttls", password="password",
+ openssl_ciphers="AES128",
+ ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
+ expect_failure=True)
+ eap_connect(dev[2], apdev[0], "TTLS", "pap user",
+ anonymous_identity="ttls", password="password",
+ openssl_ciphers="HIGH:!ADH",
+ ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py
index 44efc1372..c58f1377a 100644
--- a/tests/hwsim/wpasupplicant.py
+++ b/tests/hwsim/wpasupplicant.py
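Review bot: In `test_openssl_cipher_suite_config_wpas` the `openssl_ciphers="EXPORT"` case passes on any connection failure, because `expect_failure=True` is its only assertion; an OpenSSL build with no export suites, a certificate problem and a server-side refusal all look the same here. The `openssl_ciphers="AES128"` case in `test_openssl_cipher_suite_config_hapd` has the same limit. A comment such as `# must fail: no cipher suite shared with the server (or none available locally)` above each negative case would record the intended reason, and the positive cases would be stronger if they also checked the negotiated TLS cipher reported by the supplicant rather than only that the connection came up. Both tests presumably need an OpenSSL-based build, so a skip for other TLS libraries is worth adding; `eap_connect` is defined outside this hunk, so its failure handling is inferred from the call sites.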
@@ -659,7 +659,7 @@ class WpaSupplicant: "private_key_passwd", "ca_cert2", "client_cert2", "private_key2", "phase1", "phase2", "domain_suffix_match", "altsubject_match", "subject_match", "pac_file", "dh_file", - "bgscan", "ht_mcs", "id_str" ] + "bgscan", "ht_mcs", "id_str", "openssl_ciphers" ] for field in quoted: if field in kwargs and kwargs[field]: self.set_network_quoted(id, field, kwargs[field])