summaryrefslogtreecommitdiff
path: root/source/n/wpa_supplicant/patches/allow-tlsv1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'source/n/wpa_supplicant/patches/allow-tlsv1.patch')
-rw-r--r--source/n/wpa_supplicant/patches/allow-tlsv1.patch22
1 files changed, 22 insertions, 0 deletions
diff --git a/source/n/wpa_supplicant/patches/allow-tlsv1.patch b/source/n/wpa_supplicant/patches/allow-tlsv1.patch
new file mode 100644
index 00000000..eb5fb781
--- /dev/null
+++ b/source/n/wpa_supplicant/patches/allow-tlsv1.patch
@@ -0,0 +1,22 @@
+From: Andrej Shadura <andrewsh@debian.org>
+Subject: Enable TLSv1.0 by default
+
+OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2.
+Some older networks may support for TLSv1.0 and less secure cyphers.
+
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -988,6 +988,13 @@
+ os_free(data);
+ return NULL;
+ }
++
++#ifndef EAP_SERVER_TLS
++ /* Enable TLSv1.0 by default to allow connecting to legacy
++ * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
++ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
++#endif
++
+ data->ssl = ssl;
+ if (conf)
+ data->tls_session_lifetime = conf->tls_session_lifetime;