Use SSL_OP_NO_TLSv1_1 SSL_OP_NO_TLSv1_2 SSL_OP_NO_TICKET for better wpa_supplicant_8...

Bug: https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/969343/comments/72
Bug: http://w1.fi/bugz/show_bug.cgi?id=447#c7
Bug: http://code.google.com/p/android/issues/detail?id=34212
Bug: 6883259
Change-Id: Ib53326cc8cd40e800454b7b92586c052bc910ba8

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index c9e5611202f668a3bc8138c47a228c694b314d7f..16932a4a75e9cea22292fa6efccd487f8d79e72a 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1061,6 +1061,11 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
 #ifdef SSL_OP_NO_COMPRESSION
        options |= SSL_OP_NO_COMPRESSION;
 #endif /* SSL_OP_NO_COMPRESSION */
+#ifdef ANDROID
+       options |= SSL_OP_NO_TLSv1_1;
+       options |= SSL_OP_NO_TLSv1_2;
+       options |= SSL_OP_NO_TICKET;
+#endif /* ANDROID */
        SSL_set_options(conn->ssl, options);
 
        conn->ssl_in = BIO_new(BIO_s_mem());