Configuring enabled ciphers and TLS versions globally

Hello,

I have a system which uses wpa_supplicant for connecting to WiFi.
After an upgrade, the system is no longer able to connect to certain
EAP-TLS networks. I have found that this is because the EAP-TLS network
is using either an old/insecure version of TLS or an old/insecure
signature algorithm which wpa_supplicant no longer supports by default.
Further, I have found that adding this phase1 configuration to the
relevant `network` block in the wpa_supplicant config makes
wpa_supplicant connect:

network={
	...
	phase1="tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=0 openssl_ciphers=DEFAULT@SECLEVEL=1"
	...
}

However, ideally, I would like to configure TLS version and cipher
support globally, not per-network. I have tried reading documentation,
wiki pages related to wpa_supplicant and asking around in IRC channels,
but I haven't been able to find any place to globally configure this,
so I'm trying the mailing list now. Any help would be greatly
appreciated.

Also, let's not turn this into a discussion about whether or not it's
a good idea to use these old ciphers and protocols. I know that they're
disabled by default for a good reason. I'm just looking for a central
place to control which ones are enabled and which ones are disabled,
and I'm aware of the risks related to using old/insecure ciphers and
TLS versions.

Regards,
Martin Dørum
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
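
An added example, not part of the original post or of wpa_supplicant itself: a small Python audit that reports which `network` blocks carry the per-network phase1 overrides quoted in the message, so a deployment can review them in one place. The sample config, the SSIDs and the SECLEVEL threshold of 2 are assumptions made for illustration.

```python
import re

# Constructed sample config, modelled on the network block quoted in the post.
SAMPLE_CONF = '''
ctrl_interface=/run/wpa_supplicant

network={
    ssid="corp-legacy"
    key_mgmt=WPA-EAP
    eap=TLS
    phase1="tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=0 openssl_ciphers=DEFAULT@SECLEVEL=1"
}

network={
    ssid="corp-modern"
    key_mgmt=WPA-EAP
    eap=TLS
}
'''

# phase1 flags from the post that, when set to 0, re-enable TLS 1.0 / TLS 1.1.
LEGACY_FLAGS = ("tls_disable_tlsv1_0", "tls_disable_tlsv1_1")

def audit(conf_text, min_seclevel=2):
    """Return [(ssid, [findings])] for network blocks whose phase1 relaxes TLS.

    min_seclevel is an assumed policy threshold, not a wpa_supplicant default.
    """
    results = []
    # network blocks do not nest, so match lazily up to a line holding only "}".
    for block in re.findall(r"^\s*network=\{(.*?)^\s*\}", conf_text, re.S | re.M):
        ssid = re.search(r'^\s*ssid="([^"]*)"', block, re.M)
        phase1 = re.search(r'^\s*phase1="([^"]*)"', block, re.M)
        if not phase1:
            continue
        findings = []
        for token in phase1.group(1).split():
            key, _, value = token.partition("=")
            if key in LEGACY_FLAGS and value == "0":
                findings.append(f"{key}=0 re-enables a legacy TLS version")
            elif key == "openssl_ciphers":
                level = re.search(r"@SECLEVEL=(\d+)", value)
                if level and int(level.group(1)) < min_seclevel:
                    findings.append(f"openssl_ciphers lowers SECLEVEL to {level.group(1)}")
        if findings:
            results.append((ssid.group(1) if ssid else "<no ssid>", findings))
    return results

if __name__ == "__main__":
    for name, notes in audit(SAMPLE_CONF):
        for note in notes:
            print(f"{name}: {note}")
```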



