From 6254bf443e06dfd386134db5a6635257efa7b55c Mon Sep 17 00:00:00 2001
From: Nachiket Kukade
Date: Tue, 28 Apr 2020 10:46:59 +0530
Subject: [PATCH] wpa_supplicant: Disable TLSv1.2 by default

Some Enterprise Authentication Servers do not support TLS v1.2. Move this option to Menuconfig and disable by default.
---
 components/wpa_supplicant/CMakeLists.txt | 1 -
 components/wpa_supplicant/Kconfig | 6 ++++++
 components/wpa_supplicant/port/include/supplicant_opt.h | 4 ++++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt
index 24a76f6a7c..c49af5f9fb 100644
--- a/components/wpa_supplicant/CMakeLists.txt
+++ b/components/wpa_supplicant/CMakeLists.txt
@@ -112,6 +112,5 @@ target_compile_definitions(${COMPONENT_LIB} PRIVATE
 CONFIG_ECC
 CONFIG_IEEE80211W
 CONFIG_WPA3_SAE
- CONFIG_TLSV12
 CONFIG_SHA256
 )
diff --git a/components/wpa_supplicant/Kconfig b/components/wpa_supplicant/Kconfig
index 927dc0165a..451bb78fff 100644
--- a/components/wpa_supplicant/Kconfig
+++ b/components/wpa_supplicant/Kconfig
@@ -6,4 +6,10 @@ menu "Supplicant"
 help
 Select this option to use MbedTLS crypto API's which utilize hardware acceleration.
+ config WPA_TLS_V12
+ bool "Enable TLS v1.2"
+ default n
+ help
+ Select this to enable TLS v1.2 for WPA2-Enterprise Authentication.
+
 endmenu
diff --git a/components/wpa_supplicant/port/include/supplicant_opt.h b/components/wpa_supplicant/port/include/supplicant_opt.h
index 12d607add3..26e4f10a77 100644
--- a/components/wpa_supplicant/port/include/supplicant_opt.h
+++ b/components/wpa_supplicant/port/include/supplicant_opt.h
@@ -21,4 +21,8 @@
 #define USE_MBEDTLS_CRYPTO 1
 #endif
+#if CONFIG_WPA_TLS_V12
+#define CONFIG_TLSV12
+#endif
+
 #endif /* _SUPPLICANT_OPT_H */
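Review bot: `default n` on the new `WPA_TLS_V12` option means a stock build no longer offers TLS 1.2 for WPA2-Enterprise, so every device that does not override the option authenticates over an older TLS version, and the help text does not say so. TLS 1.0 and 1.1 are deprecated (RFC 8996), so the compatibility case in the commit message is better served as an opt-out: keep `default y` and let deployments with a legacy authentication server turn it off. Whichever default is kept, the help text should state the trade-off, for example `Disabling this limits WPA2-Enterprise to TLS versions older than 1.2; disable only when the authentication server cannot negotiate TLS v1.2.`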
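Review bot: Defining `CONFIG_TLSV12` in supplicant_opt.h makes the macro visible only in translation units that include this header before their first `#ifdef CONFIG_TLSV12`, whereas the compile definition removed from CMakeLists.txt reached every source in the component. If any TLS source tests the macro without this include (not visible in this patch), enabling the option would build a mix of files with and without TLS 1.2 support, and the failure would be silent. Keeping the definition in the build system avoids that dependency: `if(CONFIG_WPA_TLS_V12)` / `target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_TLSV12)` / `endif()`. If the header route stays, a comment above the block such as `/* Maps the Kconfig option to the supplicant macro; must be included before any CONFIG_TLSV12 test. */` would document the requirement.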