TLS 1.1 and TLS 1.2 Support - use SSLv23_method() not TLSv1_method()
Nick Lowe
nick.lowe
Wed Nov 5 05:30:33 PST 2014
Please can tls_openssl.c be corrected so that it calls SSLv23_method()
and not TLSv1_method() allowing TLS 1.1 and TLS 1.2 to be used?
TLSv1_method() enforces that TLS 1.0 is always used so it is the
incorrect method to call.
See: https://www.openssl.org/docs/ssl/SSL_CTX_new.html
It should just be as simple as:
@@ -810,7 +810,7 @@
}
tls_openssl_ref_count++;
- ssl = SSL_CTX_new(TLSv1_method());
+ ssl = SSL_CTX_new(SSLv23_method());
if (ssl == NULL) {
tls_openssl_ref_count--;
#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
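Review bot: on the changed line, SSL_CTX_new(SSLv23_method()) lets the context negotiate every protocol version the library was built with, not just TLS 1.0 through 1.2, and nothing in the visible context after the call narrows that. Suggest following the NULL check with SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3), unless the function already does so outside this hunk, so that the switch adds TLS 1.1 and TLS 1.2 without also re-enabling SSLv2 and SSLv3. A short comment beside the call saying that SSLv23_method() is the version-flexible method would also help, since the name reads as if it pins an old SSL version.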
The upcoming FreeRADIUS 2.x and 3.x releases will allow TLS 1.1 and
TLS 1.2 to be used by EAP clients, and by default:
(FreeRADIUS is the most widely deployed and used RADIUS server in the world.)
2.x:
https://github.com/FreeRADIUS/freeradius-server/commit/7d6344df30097df946010b2eac011cb9a480bec8
3.x:
https://github.com/FreeRADIUS/freeradius-server/commit/d9a285ca285148a2fb122b18f73ab0cbffbc12f0
Microsoft now support TLS 1.1 and TLS 1.2 with Network Policy Server
(NPS) when configured through a TlsVersion bit flags-based DWORD in
the Registry.
See "More Information" towards the end of
https://support.microsoft.com/kb/2977292
Regards,
Nick
More information about the Hostap
mailing list