Re: [RFC] Disable TLSv1.0 by default, but allow enabling it

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Dec 12, 2018, at 3:48 PM, Andrej Shadura <andrew.shadura@xxxxxxxxxxxxxxx> wrote:
> 
> On 05/12/2018 09:52, Andrej Shadura wrote:
>> On 05/12/2018 00:09, Jouni Malinen wrote:
>> Right, so what would you recommend for me to do in the meanwhile?
>> Hardcode a minimal version just for wpa-supplicant to TLSv1.0? What
>> about ciphers? Anything else?
> 
> I would really appreciate some opinion from Jouni or other people on
> this list.

  My $0.02 is to have an "allow TLSv1.0" configuration option, but have it disabled by default.  It's what we do in FreeRADIUS.

  It's arguably bad in minor ways to allow TLSv1.0.  But preventing people from getting online is likely worse.

  Alan DeKok.


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux