wpa supplicant 0.7.3 assistance

Jouni Malinen j
Thu Jul 31 06:57:48 PDT 2014


On Mon, Jul 14, 2014 at 07:45:13AM +0000, Simner, John wrote:
> I have tried to find out how I can specify the required list of cipher suites and found a function tls_connection_set_cipher_list() which sets up the required cipher list for OpenSSL.
> I have found tlsv1_client_set_cipher_list() which sets up a set of cipher suites with "TODO: implement proper configuration of cipher suites".
> 
> I know that I should be calling...  SSL_CTX_set_cipher_list(ssl, CIPHER_LIST)
> With CIPHER_LIST "!ADH:!eNULL:!EXP:!LOW:AES128-SHA:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA".
> 
> Please could you tell me whether I should be looking to patch the wpa supplicant code or is there any way that I can place the required list in a config file and read them from there.

There is currently no mechanism exposed by wpa_supplicant to set this,
so you will most likely need to modify source code to either just
hardcode the special string you want for this specific case or to
provide something more generic that could be applicable for multiple
uses. It should be noted that wpa_supplicant needs to be able to control
the cipher list when EAP-FAST is used, so there are some constraints on
what can be done simply with a single call to SSL_CTX_set_cipher_list().

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list