[PATCH] TLS: Add tls_disable_tlsv1_1 and tls_disable_tlsv1_2 params

Jouni Malinen j at w1.fi
Thu Feb 20 09:29:21 EST 2014


On Wed, Feb 19, 2014 at 01:21:58PM -0800, Dmitry Shmidt wrote:
> diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
> @@ -3182,6 +3182,15 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
> +	if (params->flags & TLS_CONN_DISABLE_TLSv1_1)
> +		SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_1);
> +	else
> +		SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_1);
> +	if (params->flags & TLS_CONN_DISABLE_TLSv1_2)
> +		SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_2);
> +	else
> +		SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_2);
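
Review bot: all four SSL_set_options()/SSL_clear_options() calls in this hunk reference SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 unconditionally, and OpenSSL releases without TLS 1.1/1.2 support do not define those macros, so the file stops compiling against them. Wrap each if/else pair in its own guard, `#ifdef SSL_OP_NO_TLSv1_1` ... `#endif` and `#ifdef SSL_OP_NO_TLSv1_2` ... `#endif`. Because both flags lower the highest protocol version the connection will negotiate, the configuration documentation for the new parameters should state that they are an interoperability workaround rather than a recommended setting.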

Thanks, applied with these protected using #ifdef to avoid breaking
build with older OpenSSL versions and with the new values documented in
wpa_supplicant.conf.

-- 
Jouni Malinen                                            PGP id EFC895FA

