summaryrefslogtreecommitdiff
path: root/data/templates
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-04-09 21:13:19 +0200
committerGitHub <noreply@github.com>2023-04-09 21:13:19 +0200
commitf5d40cf3cf8b29a289da31bb3f0368fcfaeae3c9 (patch)
tree56b25e51f4b4f65638f7946e37989112c73835c0 /data/templates
parentd5eafd464047ee293c68c2fe6e1ba4e6e4d60585 (diff)
parentc53d73cd8958a71b853d13b1515f89c5f35bdae4 (diff)
downloadvyos-1x-f5d40cf3cf8b29a289da31bb3f0368fcfaeae3c9.tar.gz
vyos-1x-f5d40cf3cf8b29a289da31bb3f0368fcfaeae3c9.zip
Merge pull request #1944 from chenxiaolong/eapol_tls_1.0_regression
eapol: T5151: Allow TLSv1.0/1.1 for EAP-TLS
Diffstat (limited to 'data/templates')
-rw-r--r--data/templates/ethernet/wpa_supplicant.conf.j27
1 files changed, 6 insertions, 1 deletions
diff --git a/data/templates/ethernet/wpa_supplicant.conf.j2 b/data/templates/ethernet/wpa_supplicant.conf.j2
index 8f140f6cb..cd35d6d1e 100644
--- a/data/templates/ethernet/wpa_supplicant.conf.j2
+++ b/data/templates/ethernet/wpa_supplicant.conf.j2
@@ -67,6 +67,11 @@ network={
# discards such frames to protect against potential attacks by rogue
# devices, but this option can be used to disable that protection for cases
# where the server/authenticator does not need to be authenticated.
- phase1="allow_canned_success=1"
+ #
+ # "tls_disable_tlsv1_0=0" is used to allow TLSv1 for compatibility with
+ # legacy networks. This follows the behavior of Debian's wpa_supplicant,
+ # which includes a custom patch for allowing TLSv1, but the patch currently
+ # does not work for VyOS' git builds of wpa_supplicant.
+ phase1="allow_canned_success=1 tls_disable_tlsv1_0=0"
}