[PATCH] TLS: Add tls_disable_tlsv1_1 and tls_disable_tlsv1_2 params
Jouni Malinen
j
Thu Feb 20 06:29:21 PST 2014
On Wed, Feb 19, 2014 at 01:21:58PM -0800, Dmitry Shmidt wrote:
> diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
> @@ -3182,6 +3182,15 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
> + if (params->flags & TLS_CONN_DISABLE_TLSv1_1)
> + SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_1);
> + else
> + SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_1);
> + if (params->flags & TLS_CONN_DISABLE_TLSv1_2)
> + SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_2);
> + else
> + SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_2);
Thanks, applied with these protected using #ifdef to avoid breaking
build with older OpenSSL versions and with the new values documented in
wpa_supplicant.conf.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list