OSEN: Disable TLS v1.3 by default
TLS v1.3 was already disabled by default for EAP-FAST, EAP-TTLS, EAP-PEAP, and EAP-TLS, but the unauthenticated client cases of EAP-TLS-like functionality (e.g., the one used in OSEN) were missed. Address those EAP types as well in the same way of disabling TLS v1.3 by default for now to avoid functionality issues with TLS libraries that enable TLS v1.3 by default.

Signed-off-by: Jouni Malinen <j@w1.fi>
parent
568e890e76
commit
e3afbd796c
1 changed files with 4 additions and 2 deletions
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
|
||||
* Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
@ -170,7 +170,9 @@ static int eap_tls_params_from_conf(struct eap_sm *sm,
|
|||
* TLS v1.3 changes, so disable this by default for now. */
|
||||
params->flags |= TLS_CONN_DISABLE_TLSv1_3;
|
||||
}
|
||||
if (data->eap_type == EAP_TYPE_TLS) {
|
||||
if (data->eap_type == EAP_TYPE_TLS ||
|
||||
data->eap_type == EAP_UNAUTH_TLS_TYPE ||
|
||||
data->eap_type == EAP_WFA_UNAUTH_TLS_TYPE) {
|
||||
/* While the current EAP-TLS implementation is more or less
|
||||
* complete for TLS v1.3, there has been no interoperability
|
||||
* testing with other implementations, so disable for by default
|
||||
|
|
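Review bot: The comment under the widened condition in eap_tls_params_from_conf() still speaks only of "the current EAP-TLS implementation", while the branch now also matches EAP_UNAUTH_TLS_TYPE and EAP_WFA_UNAUTH_TLS_TYPE. Please extend that comment to name the unauthenticated variants (the OSEN case from the commit message), so the reason TLS v1.3 is off for them is documented next to the check and not only in the commit log. The same comment reads "disable for by default", which looks like a stray word worth fixing while the block is being touched. The visible lines also do not show whether a configuration can clear TLS_CONN_DISABLE_TLSv1_3 again for these types; if it can, a short pointer to that option in the comment would help anyone who needs TLS v1.3 here.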