Document TLS options in phase1/phase2
Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
c22075e144
commit
9af7361b3f
|
|
@ -690,6 +690,25 @@ fast_reauth=1
|
|||
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
|
||||
# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
|
||||
# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
|
||||
#
|
||||
# TLS-based methods can use the following parameters to control TLS behavior
|
||||
# (these are normally in the phase1 parameter, but can be used also in the
|
||||
# phase2 parameter when EAP-TLS is used within the inner tunnel):
|
||||
# tls_allow_md5=1 - allow MD5-based certificate signatures (depending on the
|
||||
# TLS library, these may be disabled by default to enforce stronger
|
||||
# security)
|
||||
# tls_disable_time_checks=1 - ignore certificate validity time (this requests
|
||||
# the TLS library to accept certificates even if they are not currently
|
||||
# valid, i.e., have expired or have not yet become valid; this should be
|
||||
# used only for testing purposes)
|
||||
# tls_disable_session_ticket=1 - disable TLS Session Ticket extension
|
||||
# tls_disable_session_ticket=0 - allow TLS Session Ticket extension to be used
|
||||
# Note: If not set, this is automatically set to 1 for EAP-TLS/PEAP/TTLS
|
||||
# as a workaround for broken authentication server implementations unless
|
||||
# EAP workarounds are disabled with eap_workarounds=0.
|
||||
# For EAP-FAST, this must be set to 0 (or left unconfigured for the
|
||||
# default value to be used automatically).
|
||||
#
|
||||
# Following certificate/private key fields are used in inner Phase2
|
||||
# authentication when using EAP-TTLS or EAP-PEAP.
|
||||
# ca_cert2: File path to CA certificate file. This file can have one or more
|
||||
|
|
|
|||
Loading…
Reference in New Issue