How to force TLS 1.0 for wpa_supplicant - EAP

Michael Kurecka wpi.hostapd
Tue Jul 21 06:40:02 PDT 2009


I'm setting up wpa_supplicant for use as EAP w/ PEAP/MSCHAPv2 and need
to ensure that at a minimum TLS 1.0 is used rather than SSL 3.0 or
less. What do I need to change to ensure that and how do I force the
peap version to be 2 (Is it just phase1="peapver=2")? My current conf
file is below.

ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
network={
   ssid="OSD"
   proto=RSN
   key_mgmt=WPA-EAP
   pairwise=CCMP
   group=CCMP
   eap=PEAP
   identity="xxxxx"
   password="xxxxx"
   ca_cert="/etc/cert/TrustedCA.pem"
   phase2="auth=MSCHAPv2"
   priority=2
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20090721/03a23a96/attachment.htm 



More information about the Hostap mailing list