]> git.ipfire.org Git - thirdparty/hostap.git/commit - hostapd/config_file.c
projects / thirdparty / hostap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e8a7af9) | patch
EAP-TLS server: Disable TLS v1.3 by default
authorJouni Malinen <j@w1.fi>
Tue, 1 May 2018 19:12:37 +0000 (22:12 +0300)
committerJouni Malinen <j@w1.fi>
Tue, 1 May 2018 19:13:38 +0000 (22:13 +0300)
commitd501c27cfeb4749b99b9af7861be15c338a0ef2a
treebc011001bf190d3fb1d79a515d787eda8cfec905tree | snapshot
parente8a7af9a38f71408977e03967df02615e266fc12commit | diff
EAP-TLS server: Disable TLS v1.3 by default

The current EAP peer implementation is not yet ready for the TLS v1.3
changes with EAP-TTLS, EAP-PEAP, and EAP-FAST, so disable TLS v1.3 for
this EAP method for now.

While the current EAP-TLS implementation is more or less complete for
TLS v1.3, there has been no interoperability testing with other
implementations, so disable for by default for now until there has been
chance to confirm that no significant interoperability issues show up
with TLS version update. tls_flags=[ENABLE-TLSv1.3] configuration
parameter can be used to enable TLS v1.3 (assuming the TLS library
supports it; e.g., when using OpenSSL 1.1.1).

Signed-off-by: Jouni Malinen <j@w1.fi>
hostapd/config_file.c diff | blob | blame | history
src/ap/ap_config.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.