wpa supplicant 0.7.3 assistance

Simner, John john.simner
Mon Jul 14 00:45:13 PDT 2014


Dear Jouni,
I hope you can help me.
The product I am working on uses WPA supplicant 0.7.3 in a client mode and there is a requirement to only provide the following ciphers in the Client Hello to the Radius Server...

  1.  TLS_RSA_WITH_AES_128_CBC_SHA
  2.  TLS_RSA_WITH_AES_256_CBC_SHA
  3.  TLS_RSA_WITH_3DES_EDE_CBC_SHA
  4.  SSL_RSA_WITH_3DES_EDE_CBC_SHA
  5.  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  6.  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  7.  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  8.  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

The wpa supplicant is started with the following configuration file...

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=admin
fast_reauth=0
ap_scan=0
eapol_version=2

network={
                key_mgmt=IEEE8021X
                eap=TLS
                identity="OpenStage"
                ca_cert="/tmp/xsupplicant/RADIUSServerCerts.pem"
                client_cert="/tmp/certificates/RADIUSSuppCert.pem"
                private_key="/tmp/certificates/RADIUSSuppKey.pem"
                private_key_passwd=""
}

I have tried to find out how I can specify the required list of cipher suites and found a function tls_connection_set_cipher_list() which sets up the required cipher list for OpenSSL.
I have found tlsv1_client_set_cipher_list() which sets up a set of cipher suites with "TODO: implement proper configuration of cipher suites".

I know that I should be calling...  SSL_CTX_set_cipher_list(ssl, CIPHER_LIST)
With CIPHER_LIST "!ADH:!eNULL:!EXP:!LOW:AES128-SHA:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA".

Please could you tell me whether I should be looking to patch the wpa supplicant code, or whether there is any way that I can place the required list in a config file and read it from there?

Apologies if I have not followed the correct protocol.
I found your details in http://src.gnu-darwin.org/src/contrib/wpa_supplicant/developer.txt.html

Thank you for your assistance and I look forward to your response.

Thanks..
John



John Simner BSc(Hons) MSc CEng. MIET
Software Engineer, Devices Development

Unify Enterprise Communications Ltd.

Tel.: +44 (1908) 817378 (One Number Service)
Email: john.simner at unify.com

http://www.unify.co.uk/


Unify Enterprise Communications Limited. Registered Office: Brickhill Street, Willen Lake, Milton Keynes, MK15 0DJ
Registered No: 5903714, England.
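
Added example, not part of the original message and not wpa_supplicant code: a check of what the cipher string quoted above expands to on the local OpenSSL build, using Python's `ssl` module, whose `set_ciphers()` wraps `SSL_CTX_set_cipher_list()`. The mapping from the required suite names to OpenSSL names follows the OpenSSL ciphers documentation; `expand()` and `audit()` are names made up for this example.

```python
import ssl

# Cipher string quoted in the message (OpenSSL cipher-list syntax).
CIPHER_LIST = ("!ADH:!eNULL:!EXP:!LOW:AES128-SHA:AES256-SHA:DES-CBC3-SHA:"
               "DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA")

# Required suites from the message mapped to OpenSSL names. The SSL_* entries
# in the message are the SSLv3 spellings of the same 3DES suites. Newer
# OpenSSL releases report the EDH-* suite under its DHE-* name, so both count.
REQUIRED = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": {"AES128-SHA"},
    "TLS_RSA_WITH_AES_256_CBC_SHA": {"AES256-SHA"},
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": {"DES-CBC3-SHA"},
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": {"DHE-RSA-AES128-SHA"},
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": {"DHE-RSA-AES256-SHA"},
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA": {"EDH-RSA-DES-CBC3-SHA",
                                          "DHE-RSA-DES-CBC3-SHA"},
}


def expand(cipher_list):
    """Suites the local OpenSSL enables for cipher_list (TLS 1.2 and below)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately and are not governed by this
    # string, so they are left out of the comparison.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_list=CIPHER_LIST):
    """Return (enabled, outside, missing) for the given cipher string.

    outside: enabled suites that are not on the required list.
    missing: required suites this OpenSSL build cannot offer, for example
             3DES on builds compiled without weak ciphers.
    """
    enabled = expand(cipher_list)
    allowed = set().union(*REQUIRED.values())
    outside = [name for name in enabled if name not in allowed]
    missing = sorted(suite for suite, names in REQUIRED.items()
                     if not names & set(enabled))
    return enabled, outside, missing


if __name__ == "__main__":
    enabled, outside, missing = audit()
    print(ssl.OPENSSL_VERSION)
    print("enabled:", enabled)
    print("outside required list:", outside)
    print("required but unavailable:", missing)
```

An empty `outside` list means the string offers nothing beyond the required suites; anything in `missing` is a suite the Client Hello will not carry on that build, whatever the string says.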
