EAP-TLS: Limiting the Signature Algorithms offered by wpa_supplicant
Thomas Geppert
tgeppert at digitx.de
Mon Jan 26 10:31:38 PST 2026
OK, I found the solution myself. It can be limited with the
'SignatureAlgorithms' option in openssl.cnf.
On 26.01.26 at 14:52, Thomas Geppert wrote:
> Starting with openssl version 3.5 the TLS Signature algorithms
> defaults now include all three ML-DSA variants as first algorithms,
> i.e. 0x0904 (mldsa44), 0x0905 (mldsa65), and 0x0906 (mldsa87).
> I have an AP that cannot deal with an offer including these algorithms
> and therefore rejects authentication.
>
> I found the 'openssl_ciphers=' option of wpa_supplicant to limit the
> ciphers it offers in the handshake.
> Is there some other configuration option or method in wpa_supplicant
> to limit the offered signature algorithms?
>
> If not, do you know a configuration option or method to limit the
> offered signature algorithms on the openssl side?
>
>
> _______________________________________________
> Hostap mailing list
> Hostap at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/hostap
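
An added example, not part of the original post, of where the 'SignatureAlgorithms' option mentioned in the reply can go in openssl.cnf so that it applies to every TLS client using the library defaults. The section names and the algorithm list are assumptions chosen for illustration; list only what your AP/RADIUS server and certificates actually use.

```ini
# Must appear in the default (unnamed) section at the top of openssl.cnf,
# before any [section] header. Many distributions already define this line
# and the sections below; extend the existing ones instead of duplicating.
openssl_conf = openssl_init

[openssl_init]
# Points the library at the section that holds TLS (SSL_CONF) settings.
ssl_conf = ssl_sect

[ssl_sect]
# "system_default" is applied to every SSL_CTX the library creates,
# which is how a program without its own setting for this picks it up.
system_default = system_default_sect

[system_default_sect]
# Explicit list of signature algorithms offered in the ClientHello.
# Anything not listed is not offered, so the ML-DSA entries
# 0x0904 (mldsa44), 0x0905 (mldsa65) and 0x0906 (mldsa87) that
# OpenSSL 3.5 puts first by default are left out.
# Illustrative list (assumption): ECDSA, RSA-PSS and RSA PKCS#1 v1.5
# with SHA-256/SHA-384.
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA+SHA256:RSA+SHA384
```

Because this is a system-wide default, it affects other OpenSSL-based programs on the host too; setting the OPENSSL_CONF environment variable to a separate file for the wpa_supplicant process keeps the restriction local to it. After restarting wpa_supplicant, a capture of the EAP-TLS ClientHello should show the signature_algorithms extension without 0x0904, 0x0905 and 0x0906.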