aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd/config_file.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2018-05-01 18:52:45 (GMT)
committerJouni Malinen <j@w1.fi>2018-05-01 19:13:38 (GMT)
commitbbbc7e8016dd559b65187cf1e9a8c04aa3aa9e07 (patch)
treec8cce4398db247d6883ecc270731904928e9d776 /hostapd/config_file.c
parent0d34c13a72adaf43c2fd1ea7082b6e99ecda51f3 (diff)
downloadhostap-bbbc7e8016dd559b65187cf1e9a8c04aa3aa9e07.zip
hostap-bbbc7e8016dd559b65187cf1e9a8c04aa3aa9e07.tar.gz
hostap-bbbc7e8016dd559b65187cf1e9a8c04aa3aa9e07.tar.bz2
EAP-TLS: Extend TLS version config to allow TLS v1.3 to be disabled
This may be needed to avoid interoperability issues with the new protocol version and significant changes for EAP use cases in both key derivation and handshake termination. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'hostapd/config_file.c')
-rw-r--r--hostapd/config_file.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index bd52f4a..c2d2d62 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2150,6 +2150,8 @@ static unsigned int parse_tls_flags(const char *val)
flags |= TLS_CONN_DISABLE_TLSv1_1;
if (os_strstr(val, "[DISABLE-TLSv1.2]"))
flags |= TLS_CONN_DISABLE_TLSv1_2;
+ if (os_strstr(val, "[DISABLE-TLSv1.3]"))
+ flags |= TLS_CONN_DISABLE_TLSv1_3;
if (os_strstr(val, "[SUITEB]"))
flags |= TLS_CONN_SUITEB;
if (os_strstr(val, "[SUITEB-NO-ECDH]"))