How to force TLS 1.0 for wpa_supplicant - EAP

Carolin Latze carolin.latze
Wed Jul 22 05:57:28 PDT 2009


hm... I think you have to go into the source code and find the function
that initializes the TLS library in order to force it to at least
TLS1.0. Should be a normale TLS API call then.

Carolin

Michael Kurecka wrote:
> I'm setting up wpa_supplicant for use as EAP w/ PEAP/MSCHAPv2 and need to ensure that at a minimum TLS 1.0 is used rather than SSL 3.0 or less. What do I need to change to ensure that and how do I force the peap version to be 2 (Is it just phase1="peapver=2")? My current conf file is below.
>
>
> ctrl_interface=/var/run/wpa_supplicant
> ap_scan=1
> network={
>    ssid="OSD"
>    proto=RSN
>    key_mgmt=WPA-EAP
>    pairwise=CCMP
>    group=CCMP
>    eap=PEAP
>    identity="xxxxx"
>
>    password="xxxxx"
>    ca_cert="/etc/cert/TrustedCA.pem"
>    phase2="auth=MSCHAPv2"
>    priority=2
> }
>   

-- 
Carolin Latze
PhD Student				ICT Engineer

Department of Computer Science		Swisscom Strategy and Innovation
Boulevard de P?rolles 90		Ostermundigenstrasse 93
CH-1700 Fribourg      			CH-3006 Bern
	
phone: +41 26 300 83 30			+41 79 72 965 27
homepage: http://diuf.unifr.ch/people/latzec





More information about the Hostap mailing list