From 59e8e407a0247f373e879fa4d1c4a5181dcd26f1 Mon Sep 17 00:00:00 2001 From: Nachiket Kukade Date: Tue, 28 Apr 2020 10:05:35 +0530 Subject: [PATCH] wpa_supplicant: Disable TLSv1.2 by default Some Enterprise Authentication Servers do not support TLS v1.2. Move this option to Menuconfig and disable by default. --- components/wpa_supplicant/CMakeLists.txt | 1 - components/wpa_supplicant/Kconfig | 5 +++++ components/wpa_supplicant/port/include/supplicant_opt.h | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt index 3de0b2564a..226db4a7e2 100644 --- a/components/wpa_supplicant/CMakeLists.txt +++ b/components/wpa_supplicant/CMakeLists.txt @@ -118,7 +118,6 @@ target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_ECC CONFIG_IEEE80211W CONFIG_WPA3_SAE - CONFIG_TLSV12 CONFIG_SHA256 CONFIG_DPP ) diff --git a/components/wpa_supplicant/Kconfig b/components/wpa_supplicant/Kconfig index d14ef2745b..0938ad30d7 100644 --- a/components/wpa_supplicant/Kconfig +++ b/components/wpa_supplicant/Kconfig @@ -23,5 +23,10 @@ menu "Supplicant" help Select this to enable unity test for DPP. + config WPA_TLS_V12 + bool "Enable TLS v1.2" + default n + help + Select this to enable TLS v1.2 for WPA2-Enterprise Authentication. endmenu diff --git a/components/wpa_supplicant/port/include/supplicant_opt.h b/components/wpa_supplicant/port/include/supplicant_opt.h index 8ebb1e339b..f58692a18f 100644 --- a/components/wpa_supplicant/port/include/supplicant_opt.h +++ b/components/wpa_supplicant/port/include/supplicant_opt.h @@ -25,4 +25,8 @@ #define DEBUG_PRINT #endif +#if CONFIG_WPA_TLS_V12 +#define CONFIG_TLSV12 +#endif + #endif /* _SUPPLICANT_OPT_H */