diff options
author | Daniil Baturin <daniil@vyos.io> | 2023-04-21 13:38:13 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-21 13:38:13 +0100 |
commit | 821bc4f511460123e958b8eaa2e588e4623fbfe6 (patch) | |
tree | ca5283d32a34969fa95b9ee1f1421bf7f28db5bd /data/templates/ethernet | |
parent | dcba3685345b0624c13f83211628136076feac79 (diff) | |
parent | 97ef83ada9c42913bae3c80e0f2432bdf901312a (diff) | |
download | vyos-1x-821bc4f511460123e958b8eaa2e588e4623fbfe6.tar.gz vyos-1x-821bc4f511460123e958b8eaa2e588e4623fbfe6.zip |
Merge branch 'current' into current
Diffstat (limited to 'data/templates/ethernet')
-rw-r--r-- | data/templates/ethernet/wpa_supplicant.conf.j2 | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/data/templates/ethernet/wpa_supplicant.conf.j2 b/data/templates/ethernet/wpa_supplicant.conf.j2 index 8f140f6cb..cd35d6d1e 100644 --- a/data/templates/ethernet/wpa_supplicant.conf.j2 +++ b/data/templates/ethernet/wpa_supplicant.conf.j2 @@ -67,6 +67,11 @@ network={ # discards such frames to protect against potential attacks by rogue # devices, but this option can be used to disable that protection for cases # where the server/authenticator does not need to be authenticated. - phase1="allow_canned_success=1" + # + # "tls_disable_tlsv1_0=0" is used to allow TLSv1 for compatibility with + # legacy networks. This follows the behavior of Debian's wpa_supplicant, + # which includes a custom patch for allowing TLSv1, but the patch currently + # does not work for VyOS' git builds of wpa_supplicant. + phase1="allow_canned_success=1 tls_disable_tlsv1_0=0" } |