authorJouni Malinen <j@w1.fi>2014-10-12 08:52:05 (GMT)
committerJouni Malinen <j@w1.fi>2014-10-12 08:52:05 (GMT)
commitf8995f8f1cbed905cd222c056270fea94a9a61c6 (patch)
tree52a193d32f2079b7c82c03c05149d40abe19f121 /hostapd
parentb7328434f73d7bd274e7be914d626771f32079c2 (diff)
hostapd: Allow OpenSSL cipherlist string to be configured
The new openssl_ciphers configuration parameter can be used to select which TLS cipher suites are enabled when hostapd is used as an EAP server with OpenSSL as the TLS library.

Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/config_file.c3
-rw-r--r--hostapd/hostapd.conf9
2 files changed, 12 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 32e3c49..d4ba7cc 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1984,6 +1984,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "dh_file") == 0) {
os_free(bss->dh_file);
bss->dh_file = os_strdup(pos);
+ } else if (os_strcmp(buf, "openssl_ciphers") == 0) {
+ os_free(bss->openssl_ciphers);
+ bss->openssl_ciphers = os_strdup(pos);
} else if (os_strcmp(buf, "fragment_size") == 0) {
bss->fragment_size = atoi(pos);
#ifdef EAP_SERVER_FAST
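Review bot: The new `openssl_ciphers` branch stores the result of `os_strdup(pos)` without checking it for NULL, so an allocation failure leaves `bss->openssl_ciphers` unset and no error is reported. The hostapd.conf text in this commit says an unset value means "DEFAULT:!EXP:!LOW" is used, so an operator who configured a stricter list would silently get the broader default. I would add `if (bss->openssl_ciphers == NULL)` after the assignment, logging the failure and taking the function's usual error return so the configuration is rejected. The `dh_file` branch just above has the same pattern, and hostapd_config_fill starts and ends outside this hunk, so the error convention needs to be confirmed there. Nothing in the hunk validates the string; presumably that happens where it is handed to OpenSSL, and it is worth confirming that a rejected string fails startup instead of falling back to the default.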
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index a7ab0f6..d4e5bf0 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -763,6 +763,15 @@ eap_server=0
# "openssl dhparam -out /etc/hostapd.dh.pem 1024"
#dh_file=/etc/hostapd.dh.pem
+# OpenSSL cipher string
+#
+# This is an OpenSSL specific configuration option for configuring the default
+# ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the default.
+# See https://www.openssl.org/docs/apps/ciphers.html for OpenSSL documentation
+# on cipher suite configuration. This is applicable only if hostapd is built to
+# use OpenSSL.
+#openssl_ciphers=DEFAULT:!EXP:!LOW
+
# Fragment size for EAP methods
#fragment_size=1400
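Review bot: The comment block for `openssl_ciphers` does not tell the operator that the suites a string enables depend on the OpenSSL version hostapd is linked against, so the same value can give different results on different builds. I would add a line such as `# Use "openssl ciphers -v '<string>'" with the same OpenSSL version to check which suites a string enables.` It would also help to state what hostapd does when OpenSSL rejects the string, which is not visible in this commit.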