How to force TLS 1.0 for wpa_supplicant - EAP
Carolin Latze
carolin.latze at unifr.ch
Wed Jul 22 08:57:28 EDT 2009
hm... I think you have to go into the source code and find the function
that initializes the TLS library in order to force it to at least
TLS1.0. Should be a normale TLS API call then.
Carolin
Michael Kurecka wrote:
> I'm setting up wpa_supplicant for use as EAP w/ PEAP/MSCHAPv2 and need to ensure that at a minimum TLS 1.0 is used rather than SSL 3.0 or less. What do I need to change to ensure that and how do I force the peap version to be 2 (Is it just phase1="peapver=2")? My current conf file is below.
>
>
> ctrl_interface=/var/run/wpa_supplicant
> ap_scan=1
> network={
> ssid="OSD"
> proto=RSN
> key_mgmt=WPA-EAP
> pairwise=CCMP
> group=CCMP
> eap=PEAP
> identity="xxxxx"
>
> password="xxxxx"
> ca_cert="/etc/cert/TrustedCA.pem"
> phase2="auth=MSCHAPv2"
> priority=2
> }
>
--
Carolin Latze
PhD Student ICT Engineer
Department of Computer Science Swisscom Strategy and Innovation
Boulevard de Pérolles 90 Ostermundigenstrasse 93
CH-1700 Fribourg CH-3006 Bern
phone: +41 26 300 83 30 +41 79 72 965 27
homepage: http://diuf.unifr.ch/people/latzec
More information about the HostAP
mailing list