From 897418a28d24d8adc85ffdbe010f84becd9dc822 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 17 Apr 2015 11:26:36 +0300 Subject: [PATCH] eap_example: Fix configuration by added DH parameters The internal TLS implementation supports number of additional cipher suites that require DH parameters to be set on the server. Such a cipher suite is selected by default in the eap_example case which prevented the TLS handshake from completing successfully. Fix this by adding DH parameters to the server configuration. Signed-off-by: Jouni Malinen --- eap_example/dh.conf | 5 +++++ eap_example/eap_example_server.c | 1 + 2 files changed, 6 insertions(+) create mode 100644 eap_example/dh.conf diff --git a/eap_example/dh.conf b/eap_example/dh.conf new file mode 100644 index 000000000..7bc83251c --- /dev/null +++ b/eap_example/dh.conf @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MIGHAoGBAP3V8IHq3H2DUlYywsvjYNuS17eCdt0mJo6/os6PHqdhgkMrPxF9u4Gr +qKXq9e6GqmZYdjta30N3FkXaV924BJ0xOqb2TntiKg4u50/l6hSUneWt6UFBaizd +XrqjNFIme/5RXMZ7RglXliBpCepAaFLMcKhOS4ulUyYYHSy+oqRjAgEC +-----END DH PARAMETERS----- diff --git a/eap_example/eap_example_server.c b/eap_example/eap_example_server.c index 7097bcae3..a081b873a 100644 --- a/eap_example/eap_example_server.c +++ b/eap_example/eap_example_server.c @@ -81,6 +81,7 @@ static int eap_example_server_init_tls(void) /* tparams.private_key = "server.key"; */ tparams.private_key = "server-key.pem"; /* tparams.private_key_passwd = "whatever"; */ + tparams.dh_file = "dh.conf"; if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) { printf("Failed to set TLS parameters\n");