EAP-TLS: Limiting the Signature Algorithms offered by wpa_supplicant
Thomas Geppert
tgeppert at digitx.de
Mon Jan 26 05:52:53 PST 2026
Starting with openssl version 3.5 the TLS Signature algorithms defaults
now include all three ML-DSA variants as first algorithms, i.e. 0x0904
(mldsa44), 0x0905 (mldsa65), and 0x0906 (mldsa87).
I have an AP that cannot deal with an offer including these algorithms
and therefore rejects authentication.
I found the 'openssl_ciphers=' option of wpa_supplicant to limit the
ciphers it offers in the handshake.
Is there some other configuration option or method in wpa_supplicant to
limit the offered signature algorithms?
If not, do you know a configuration option or method to limit the
offered signature algorithms on the openssl side?
More information about the Hostap
mailing list