Use SSL_OP_NO_TLSv1_1 SSL_OP_NO_TLSv1_2 SSL_OP_NO_TICKET for better wpa_supplicant_8...

Bug: https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/969343/comments/72
Bug: http://w1.fi/bugz/show_bug.cgi?id=447#c7
Bug: http://code.google.com/p/android/issues/detail?id=34212
Bug: 6883259
Change-Id: Ib53326cc8cd40e800454b7b92586c052bc910ba8

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 28b1313f8b68cfbd8217da968f10780513c22bc4..a89e4d1a49f9aa84c58c1fd4be06c834061aefb6 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -988,6 +988,11 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
 #ifdef SSL_OP_NO_COMPRESSION
        options |= SSL_OP_NO_COMPRESSION;
 #endif /* SSL_OP_NO_COMPRESSION */
+#ifdef ANDROID
+       options |= SSL_OP_NO_TLSv1_1;
+       options |= SSL_OP_NO_TLSv1_2;
+       options |= SSL_OP_NO_TICKET;
+#endif /* ANDROID */
        SSL_set_options(conn->ssl, options);
 
        conn->ssl_in = BIO_new(BIO_s_mem());