diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 32e3c49dd..d4ba7cc0c 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1984,6 +1984,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 } else if (os_strcmp(buf, "dh_file") == 0) {
 os_free(bss->dh_file);
 bss->dh_file = os_strdup(pos);
+ } else if (os_strcmp(buf, "openssl_ciphers") == 0) {
+ os_free(bss->openssl_ciphers);
+ bss->openssl_ciphers = os_strdup(pos);
 } else if (os_strcmp(buf, "fragment_size") == 0) {
 bss->fragment_size = atoi(pos);
 #ifdef EAP_SERVER_FAST
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index a7ab0f6bc..d4e5bf0af 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -763,6 +763,15 @@ eap_server=0
 # "openssl dhparam -out /etc/hostapd.dh.pem 1024"
 #dh_file=/etc/hostapd.dh.pem
 
+# OpenSSL cipher string
+#
+# This is an OpenSSL specific configuration option for configuring the default
+# ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the default.
+# See https://www.openssl.org/docs/apps/ciphers.html for OpenSSL documentation
+# on cipher suite configuration. This is applicable only if hostapd is built to
+# use OpenSSL.
+#openssl_ciphers=DEFAULT:!EXP:!LOW
+
 # Fragment size for EAP methods
 #fragment_size=1400
 
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index d7d5c3b08..90f1630da 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -444,6 +444,7 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
 os_free(conf->private_key_passwd);
 os_free(conf->ocsp_stapling_response);
 os_free(conf->dh_file);
+ os_free(conf->openssl_ciphers);
 os_free(conf->pac_opaque_encr_key);
 os_free(conf->eap_fast_a_id);
 os_free(conf->eap_fast_a_id_info);
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 905aec32c..e37a79659 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
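Review bot: In hostapd/config_file.c, the new `openssl_ciphers` branch of hostapd_config_fill stores the result of `os_strdup(pos)` without checking it, so an allocation failure leaves `bss->openssl_ciphers` NULL with no error reported. Going by the hostapd.conf text added in this same commit, an unset value means the built-in `DEFAULT:!EXP:!LOW` list is used, so an administrator's stricter cipher policy could be silently replaced by the default. For a setting that expresses TLS policy it is safer to fail the configuration load: after the assignment add `if (bss->openssl_ciphers == NULL) return 1;` preceded by a `wpa_printf(MSG_ERROR, ...)` naming the option; the function's error-return convention lies outside the hunk, so match what the neighbouring options do. The string is also not validated at parse time, so a typo is presumably only noticed when the TLS library is initialised, and it is worth confirming that authsrv_init treats a rejected cipher string as fatal rather than continuing with the default.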
@@ -302,6 +302,7 @@ struct hostapd_bss_config {
 int check_crl;
 char *ocsp_stapling_response;
 char *dh_file;
+ char *openssl_ciphers;
 u8 *pac_opaque_encr_key;
 u8 *eap_fast_a_id;
 size_t eap_fast_a_id_len;
diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index 86f1cbe1f..690f1dc41 100644
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@@ -158,6 +158,7 @@ int authsrv_init(struct hostapd_data *hapd)
 params.private_key = hapd->conf->private_key;
 params.private_key_passwd = hapd->conf->private_key_passwd;
 params.dh_file = hapd->conf->dh_file;
+ params.openssl_ciphers = hapd->conf->openssl_ciphers;
 params.ocsp_stapling_response = hapd->conf->ocsp_stapling_response;