aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2017-09-17 18:31:01 (GMT)
committerJouni Malinen <j@w1.fi>2017-09-18 09:12:48 (GMT)
commit2ed70c7586326507896022926b35f9b28ff6d8b9 (patch)
tree2d04a3560681678dab76c74247468d089f51d809 /hostapd
parent4eb8cfe06ba9dfb7b1e8d6bf0dc387399726e164 (diff)
downloadhostap-2ed70c7586326507896022926b35f9b28ff6d8b9.zip
hostap-2ed70c7586326507896022926b35f9b28ff6d8b9.tar.gz
hostap-2ed70c7586326507896022926b35f9b28ff6d8b9.tar.bz2
OpenSSL: Add option to disable ECDHE with Suite B RSA
The hostapd.conf tls_flags=[SUITEB-NO-ECDH] and wpa_supplicant network profile phase1="tls_suiteb_no_ecdh=1" can now be used to configure Suite B RSA constraints with ECDHE disabled. This is mainly to allow the DHE TLS cipher suite to be tested. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/config_file.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 41612cb..880998b 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2077,6 +2077,8 @@ static unsigned int parse_tls_flags(const char *val)
flags |= TLS_CONN_DISABLE_TLSv1_2;
if (os_strstr(val, "[SUITEB]"))
flags |= TLS_CONN_SUITEB;
+ if (os_strstr(val, "[SUITEB-NO-ECDH]"))
+ flags |= TLS_CONN_SUITEB_NO_ECDH | TLS_CONN_SUITEB;
return flags;
}