From 8ac08a41f0af1ed1c9960569fbe020e7d0bbde42 Mon Sep 17 00:00:00 2001
From: Arran Cudbard-Bell
Date: Mon, 30 Mar 2015 17:40:16 -0400
Subject: [PATCH] Disable TLS 1.2 by default. Causes MPPE key mismatches with eapol_test.
---
 src/main/tls.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/main/tls.c b/src/main/tls.c
index af1271fa2a..9a8554bc49 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -988,8 +988,17 @@ static CONF_PARSER tls_server_config[] = {
 #endif
 #endif
+#ifdef SSL_OP_NO_TLSv1_1
 { "disable_tlsv1_1", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, disable_tlsv1_1), NULL },
- { "disable_tlsv1_2", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, disable_tlsv1_2), NULL },
+#endif
+
+ /*
+ * @fixme Disabled because using TLS1.2 seems to cause MPPE key issues with eapol_test
+ * need to fix FreeRADIUS or wpa_supplicant.
+ */
+#ifdef SSL_OP_NO_TLSv1_2
+ { "disable_tlsv1_2", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, disable_tlsv1_2), "yes" },
+#endif
 { "cache", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) cache_config },
@@ -2438,7 +2447,7 @@ post_ca:
 #endif
 #ifdef SSL_OP_NO_TICKET
- ctx_options |= SSL_OP_NO_TICKET ;
+ ctx_options |= SSL_OP_NO_TICKET;
 #endif
 /*
-- 
2.47.3
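Review bot: The new `"yes"` default on the `disable_tlsv1_2` entry in the first hunk silently caps every TLS-based EAP session at TLS 1.1 or older for all deployments, to work around an interop failure seen with a test client, and operators get no signal that the strongest protocol version has been switched off. The `@fixme` comment should state that consequence and the opt-out, e.g. `* Security: TLS 1.2 is off unless disable_tlsv1_2 = no is set; remove this default once key derivation is fixed.`, and a startup warning whenever the option is in effect would make the downgrade visible in logs. The mismatch is presumably in MPPE key derivation, since TLS 1.2 uses a different PRF than earlier versions, so the durable fix is likely to derive the keys through OpenSSL's `SSL_export_keying_material()` rather than to keep the version disabled. `tls_server_config[]` starts and ends outside this hunk, so whether the `fr_tls_server_conf_t` fields and the code that applies `SSL_OP_NO_TLSv1_2` carry matching `#ifdef` guards cannot be checked from here.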