jkmaline at cc.hut.fi
Wed Sep 27 23:17:51 EDT 2006
On Tue, Sep 19, 2006 at 02:25:45PM -0700, Donnie Wishard wrote:
> I am new to the wpa supplicant and have a question. I am trying to use this
> in a way that will not infringe on any cipher patents (RSA Idea etc). I
> have built OpenSSL without the ciphers however the supplicant will not build
> when I remove RSA from OpenSSL. That leads me to the following questions:
> 1) Does the supplicant use a certain cipher by default, and can i change
> that default.
No, by default TLS library (e.g., OpenSSL) takes care of selecting
which cipher to use.
> 2) How do I dictate which ciphers the supplicant will use.
Currently, there is no exposed configuration option in wpa_supplicant
for setting the supported cipher list. In other words, whatever was
included in the TLS library will be used.
> The fact that it wont build without RSA in the OpenSSL dll leads me to
> believe that something from RSA is required for build.
RSA is very commonly used public key algorithm used with X.509
certificates. I have never tested disabling it, but I would assume that
this could be done. Anyway, I think that RSA patent expired already
(well, at least in US; I don't know whether it could still be valid
> I guess I am just trying to figure out when / how the supplicant decides
> which cipher to use.
At the moment, this is all done in the TLS library and wpa_supplicant
does not limit the cipher selection (except for EAP-FAST which has
somewhat stricter rules on which cipher suite can be used).
Jouni Malinen PGP id EFC895FA
More information about the HostAP