aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/wpa_supplicant.conf
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2017-09-16 21:09:47 (GMT)
committerJouni Malinen <j@w1.fi>2017-09-16 21:09:47 (GMT)
commit60ed2f24ebd2515854eed9fc59be75d137cccfb0 (patch)
tree8fca28eb31e667053844b2d399d9763a144d32ee /wpa_supplicant/wpa_supplicant.conf
parent5030d7d9fde000d29d204d8c57153dc46827baca (diff)
downloadhostap-60ed2f24ebd2515854eed9fc59be75d137cccfb0.zip
hostap-60ed2f24ebd2515854eed9fc59be75d137cccfb0.tar.gz
hostap-60ed2f24ebd2515854eed9fc59be75d137cccfb0.tar.bz2
Suite B: Add tls_suiteb=1 parameter for RSA 3k key case
This adds phase1 parameter tls_suiteb=1 into wpa_supplicant configuration to allow TLS library (only OpenSSL supported for now) to use Suite B 192-bit level rules with RSA when using >= 3k (3072) keys. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wpa_supplicant/wpa_supplicant.conf')
-rw-r--r--wpa_supplicant/wpa_supplicant.conf3
1 files changed, 3 insertions, 0 deletions
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 68d0827..3430be0 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -1164,6 +1164,9 @@ fast_reauth=1
# chain when receiving CTRL-RSP-EXT_CERT_CHECK event from the control
# interface and report the result of the validation with
# CTRL-RSP_EXT_CERT_CHECK.
+# tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default)
+# tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in
+# particular when using Suite B with RSA keys of >= 3K (3072) bits
#
# Following certificate/private key fields are used in inner Phase2
# authentication when using EAP-TTLS or EAP-PEAP.