authorJouni Malinen <j@w1.fi>2012-08-17 19:27:29 (GMT)
committerJouni Malinen <j@w1.fi>2012-08-17 19:27:29 (GMT)
commit9af7361b3f1030d75474f07218a3004b312d286b (patch)
tree0a375e776abb0deea607f742137fddb764218b0e /wpa_supplicant/wpa_supplicant.conf
parentc22075e144f6a7928ec987d58f680a311ff7d853 (diff)
Document TLS options in phase1/phase2
Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/wpa_supplicant.conf')
1 files changed, 19 insertions, 0 deletions
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 33581c1..4cf0ce1 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -690,6 +690,25 @@ fast_reauth=1
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
+# TLS-based methods can use the following parameters to control TLS behavior
+# (these are normally in the phase1 parameter, but can be used also in the
+# phase2 parameter when EAP-TLS is used within the inner tunnel):
+# tls_allow_md5=1 - allow MD5-based certificate signatures (depending on the
+# TLS library, these may be disabled by default to enforce stronger
+# security)
+# tls_disable_time_checks=1 - ignore certificate validity time (this requests
+# the TLS library to accept certificates even if they are not currently
+# valid, i.e., have expired or have not yet become valid; this should be
+# used only for testing purposes)
+# tls_disable_session_ticket=1 - disable TLS Session Ticket extension
+# tls_disable_session_ticket=0 - allow TLS Session Ticket extension to be used
+# Note: If not set, this is automatically set to 1 for EAP-TLS/PEAP/TTLS
+# as a workaround for broken authentication server implementations unless
+# EAP workarounds are disabled with eap_workarounds=0.
+# For EAP-FAST, this must be set to 0 (or left unconfigured for the
+# default value to be used automatically).
# Following certificate/private key fields are used in inner Phase2
# authentication when using EAP-TTLS or EAP-PEAP.
# ca_cert2: File path to CA certificate file. This file can have one or more
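Review bot: The `tls_allow_md5=1` entry has no usage caveat, unlike `tls_disable_time_checks=1` right below it, which is marked as for testing only. MD5-based certificate signatures are open to collision attacks, so turning this on weakens validation of the server certificate chain and should be a deliberate, temporary choice. I would extend the entry with something like `this weakens certificate validation and should be used only with legacy servers until their certificates are reissued with a stronger signature algorithm`. It would also help to say what happens when the two validation-related options are left unset (presumably the TLS library default applies; confirm against the parser), as the `tls_disable_session_ticket` note already does for its own default.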