eapol: T5151: Allow TLSv1.0/1.1 for EAP-TLS - vyos-1x.git - VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)

diff options

author	Andrew Gunnerson <accounts+github@chiller3.com>	2023-04-09 12:22:16 -0400
committer	Andrew Gunnerson <accounts+github@chiller3.com>	2023-04-09 12:42:32 -0400
commit	c53d73cd8958a71b853d13b1515f89c5f35bdae4 (patch)
tree	56b25e51f4b4f65638f7946e37989112c73835c0 /README.md
parent	d5eafd464047ee293c68c2fe6e1ba4e6e4d60585 (diff)
download	vyos-1x-c53d73cd8958a71b853d13b1515f89c5f35bdae4.tar.gz vyos-1x-c53d73cd8958a71b853d13b1515f89c5f35bdae4.zip

eapol: T5151: Allow TLSv1.0/1.1 for EAP-TLS

The Debian 12 upgrade in T5003 caused a regression for connecting to legacy networks that only support TLSv1.0/1.1 for EAP-TLS. Debian allows this by default in their wpa_supplicant package, but their `allow-tlsv1.patch` patch does not work properly with VyOS' newer wpa_supplicant package, which is based on the latest code in git. As a result, wpa_supplicant always respects the system-wide openssl crypto policy, disallowing TLSv1. The commit uses the documented way of allowing TLSv1, which takes precedence over the system crypto policy. Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>

Diffstat (limited to 'README.md')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: