aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/wpa_supplicant.conf
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-10-12 08:53:51 (GMT)
committerJouni Malinen <j@w1.fi>2014-10-12 08:55:13 (GMT)
commit07e2de3193b0a10d1e0a6d0343698b740b279047 (patch)
treecc09567d2ae5d3b112c80e7f737fe3ff37e67647 /wpa_supplicant/wpa_supplicant.conf
parentf8995f8f1cbed905cd222c056270fea94a9a61c6 (diff)
downloadhostap-07e2de3193b0a10d1e0a6d0343698b740b279047.zip
hostap-07e2de3193b0a10d1e0a6d0343698b740b279047.tar.gz
hostap-07e2de3193b0a10d1e0a6d0343698b740b279047.tar.bz2
wpa_supplicant: Allow OpenSSL cipherlist string to be configured
The new openssl_cipher configuration parameter can be used to select which TLS cipher suites are enabled for TLS-based EAP methods when OpenSSL is used as the TLS library. This parameter can be used both as a global parameter to set the default for all network blocks and as a network block parameter to override the default for each network profile. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/wpa_supplicant.conf')
-rw-r--r--wpa_supplicant/wpa_supplicant.conf14
1 files changed, 14 insertions, 0 deletions
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 89da0da..9f5ad53 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -132,6 +132,16 @@ fast_reauth=1
# configure the path to the pkcs11 module required by the pkcs11 engine
#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
+# OpenSSL cipher string
+#
+# This is an OpenSSL specific configuration option for configuring the default
+# ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the default.
+# See https://www.openssl.org/docs/apps/ciphers.html for OpenSSL documentation
+# on cipher suite configuration. This is applicable only if wpa_supplicant is
+# built to use OpenSSL.
+#openssl_ciphers=DEFAULT:!EXP:!LOW
+
+
# Dynamic EAP methods
# If EAP methods were built dynamically as shared object files, they need to be
# loaded here before being used in the network blocks. By default, EAP methods
@@ -932,6 +942,10 @@ fast_reauth=1
# 1 = try to use OCSP stapling, but not require response
# 2 = require valid OCSP stapling response
#
+# openssl_ciphers: OpenSSL specific cipher configuration
+# This can be used to override the global openssl_ciphers configuration
+# parameter (see above).
+#
# EAP-FAST variables:
# pac_file: File path for the PAC entries. wpa_supplicant will need to be able
# to create this file and write updates to it when PAC is being