OpenSSL: disable TLS 1.3 middlebox compatibility
This will hopefully not be needed for EAP-TLS use cases since there should not really be a middlebox that looks at the TLS layer details in case of EAP authentication. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
4ff0b909a9
commit
8b57a37808
1 changed files with 5 additions and 0 deletions
|
@ -1574,6 +1574,11 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
|
|||
options |= SSL_OP_NO_COMPRESSION;
|
||||
#endif /* SSL_OP_NO_COMPRESSION */
|
||||
SSL_set_options(conn->ssl, options);
|
||||
#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
|
||||
/* Hopefully there is no need for middlebox compatibility mechanisms
|
||||
* when going through EAP authentication. */
|
||||
SSL_clear_options(conn->ssl, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
|
||||
#endif
|
||||
|
||||
conn->ssl_in = BIO_new(BIO_s_mem());
|
||||
if (!conn->ssl_in) {
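Review bot: The added `SSL_clear_options(conn->ssl, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);` runs unconditionally for every connection set up here, and the comment above it only says the compatibility mode is "hopefully" not needed. Anyone later debugging a TLS 1.3 handshake failure against a particular peer gets no hint of what changed on the wire. I would expand the comment to state the effect and the reasoning, e.g. `/* EAP carries the TLS records inside EAP messages, so no on-path device parses them; skip the TLS 1.3 dummy ChangeCipherSpec and legacy session ID. */`. The closing `#endif` would also read better as `#endif /* SSL_OP_ENABLE_MIDDLEBOX_COMPAT */`, matching the `#endif /* SSL_OP_NO_COMPRESSION */` a few lines up. tls_connection_init() starts and ends outside the hunk, so whether this path also serves the server role cannot be confirmed from here.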
|
||||
|
|