LibreSSL v2.7 claims an OPENSSL_VERSION_NUMBER value that would indicate
that SSL_OP_NO_TLSv1_3 is available, but that does not seem to be the
case with LibreSSL. As such, skip this step based on whether
SSL_OP_NO_TLSv1_3 is defined to avoid build issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
}
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#ifdef SSL_OP_NO_TLSv1_3
if (params->flags & TLS_CONN_EAP_FAST) {
/* Need to disable TLS v1.3 at least for now since OpenSSL 1.1.1
* refuses to start the handshake with the modified ciphersuite
wpa_printf(MSG_DEBUG, "OpenSSL: Disable TLSv1.3 for EAP-FAST");
SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_3);
}
+#endif /* SSL_OP_NO_TLSv1_3 */
#endif
#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */