Changed PEAPv0 cryptobinding to be disabled by default

There are some interoperability issues with Windows Server 2008 NPS, so
better disable cryptobinding use by default for now.
This commit is contained in:
Jouni Malinen 2008-11-20 12:49:34 +02:00 committed by Jouni Malinen
parent bd1d13c199
commit c31a11c962
3 changed files with 5 additions and 5 deletions

View file

@ -353,8 +353,8 @@ struct eap_peer_config {
*
* crypto_binding option can be used to control PEAPv0 cryptobinding
* behavior:
* 0 = do not use cryptobinding
* 1 = use cryptobinding if server supports it (default)
* 0 = do not use cryptobinding (default)
* 1 = use cryptobinding if server supports it
* 2 = require cryptobinding
*/
char *phase1;

View file

@ -140,7 +140,7 @@ static void * eap_peap_init(struct eap_sm *sm)
data->peap_version = EAP_PEAP_VERSION;
data->force_peap_version = -1;
data->peap_outer_success = 2;
data->crypto_binding = OPTIONAL_BINDING;
data->crypto_binding = NO_BINDING;
if (config && config->phase1 &&
eap_peap_parse_phase1(data, config->phase1) < 0) {

View file

@ -394,8 +394,8 @@ fast_reauth=1
# protected result indication.
# 'crypto_binding' option can be used to control PEAPv0 cryptobinding
# behavior:
# * 0 = do not use cryptobinding
# * 1 = use cryptobinding if server supports it (default)
# * 0 = do not use cryptobinding (default)
# * 1 = use cryptobinding if server supports it
# * 2 = require cryptobinding
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or