From: Brian Carlstrom <bdc@google.com>
Date: Thu, 26 Jul 2012 06:11:44 +0000 (-0700)
Subject: Use SSL_OP_NO_TLSv1_1 SSL_OP_NO_TLSv1_2 SSL_OP_NO_TICKET for better wpa_supplicant_8... 
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22edebec11e4800cf190a1f5483fd0af1dbc1de2;p=thirdparty%2Fhostap.git

Use SSL_OP_NO_TLSv1_1 SSL_OP_NO_TLSv1_2 SSL_OP_NO_TICKET for better wpa_supplicant_8 interoperability

Bug: https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/969343/comments/72
Bug: http://w1.fi/bugz/show_bug.cgi?id=447#c7
Bug: http://code.google.com/p/android/issues/detail?id=34212
Bug: 6883259
Change-Id: Ib53326cc8cd40e800454b7b92586c052bc910ba8
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 28b1313f8..a89e4d1a4 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -988,6 +988,11 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
 #ifdef SSL_OP_NO_COMPRESSION
 	options |= SSL_OP_NO_COMPRESSION;
 #endif /* SSL_OP_NO_COMPRESSION */
+#ifdef ANDROID
+	options |= SSL_OP_NO_TLSv1_1;
+	options |= SSL_OP_NO_TLSv1_2;
+	options |= SSL_OP_NO_TICKET;
+#endif /* ANDROID */
 	SSL_set_options(conn->ssl, options);
 
 	conn->ssl_in = BIO_new(BIO_s_mem());