From c31a11c962388d5e07780c16a0725447e8bad0cd Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Thu, 20 Nov 2008 12:49:34 +0200
Subject: [PATCH] Changed PEAPv0 cryptobinding to be disabled by default

There are some interoperability issues with Windows Server 2008 NPS, so better disable cryptobinding use by default for now.
---
 src/eap_peer/eap_config.h | 4 ++--
 src/eap_peer/eap_peap.c | 2 +-
 wpa_supplicant/wpa_supplicant.conf | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
index bd526ff7e..f6126bb9c 100644
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -353,8 +353,8 @@ struct eap_peer_config {
 *
 * crypto_binding option can be used to control PEAPv0 cryptobinding
 * behavior:
- * 0 = do not use cryptobinding
- * 1 = use cryptobinding if server supports it (default)
+ * 0 = do not use cryptobinding (default)
+ * 1 = use cryptobinding if server supports it
 * 2 = require cryptobinding
 */
 char *phase1;
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 3af888c86..a350448a8 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -140,7 +140,7 @@ static void * eap_peap_init(struct eap_sm *sm)
 data->peap_version = EAP_PEAP_VERSION;
 data->force_peap_version = -1;
 data->peap_outer_success = 2;
- data->crypto_binding = OPTIONAL_BINDING;
+ data->crypto_binding = NO_BINDING;
 
 if (config && config->phase1 &&
 eap_peap_parse_phase1(data, config->phase1) < 0) {
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 44dc3a17a..dd4f57979 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
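Review bot: The new default `data->crypto_binding = NO_BINDING;` in eap_peap_init() has no comment saying that it is an interoperability workaround rather than a security preference. With this default, a peer whose phase1 string does not set crypto_binding will skip cryptobinding even when the server offers it, so tying the inner authentication to the TLS tunnel becomes opt-in for each network. I would add a comment above the assignment, such as `/* Off by default for interop with Windows Server 2008 NPS; set crypto_binding=1 or 2 in phase1 to enable */`, so the default gets revisited once the interop issue is resolved. The wpa_supplicant.conf text could also say that networks whose server is known to support cryptobinding should set `crypto_binding=2`. The body of eap_peap_init() starts and ends outside this hunk, so how eap_peap_parse_phase1() overrides the default is not visible here.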
@@ -394,8 +394,8 @@ fast_reauth=1
 # protected result indication.
 # 'crypto_binding' option can be used to control PEAPv0 cryptobinding
 # behavior:
-# * 0 = do not use cryptobinding
-# * 1 = use cryptobinding if server supports it (default)
+# * 0 = do not use cryptobinding (default)
+# * 1 = use cryptobinding if server supports it
 # * 2 = require cryptobinding
 # phase2: Phase2 (inner authentication with TLS tunnel) parameters
 # (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or