|
The Debian 12 upgrade in T5003 caused a regression for connecting to
legacy networks that only support TLSv1.0/1.1 for EAP-TLS. Debian allows
this by default in their wpa_supplicant package, but their
`allow-tlsv1.patch` patch does not work properly with VyOS' newer
wpa_supplicant package, which is based on the latest code in git. As a
result, wpa_supplicant always respects the system-wide openssl crypto
policy, disallowing TLSv1. The commit uses the documented way of
allowing TLSv1, which takes precedence over the system crypto policy.
Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
|
