How to force TLS 1.0 for wpa_supplicant - EAP

Jouni Malinen j at
Fri Aug 28 14:33:42 EDT 2009

On Tue, Jul 21, 2009 at 08:40:02AM -0500, Michael Kurecka wrote:
> I'm setting up wpa_supplicant for use as EAP w/ PEAP/MSCHAPv2 and need
> to ensure that at a minimum TLS 1.0 is used rather than SSL 3.0 or
> less. What do I need to change to ensure that and how do I force the
> peap version to be 2 (Is it just phase1="peapver=2")?

You do not need to change anything. EAP-TLS (and PEAP/TTLS/FAST for that
matter) already require TLS 1.0 (or newer). SSL 3.0 won't be used.

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list