From bc7a34b49419ce4ce0c771176769141be4b61c7e Mon Sep 17 00:00:00 2001
From: Nachiket Kukade
Date: Thu, 30 Apr 2020 11:37:42 +0530
Subject: [PATCH] wpa_supplicant: Disable TLSv1.2 by default

Some Enterprise Authentication Servers do not support TLS v1.2. Move this option to Menuconfig and disable by default.
---
 components/wpa_supplicant/CMakeLists.txt | 1 -
 components/wpa_supplicant/Kconfig | 6 ++++++
 components/wpa_supplicant/port/include/supplicant_opt.h | 4 ++++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt
index 909282528..e1bfcc71b 100644
--- a/components/wpa_supplicant/CMakeLists.txt
+++ b/components/wpa_supplicant/CMakeLists.txt
@@ -109,7 +109,6 @@ target_compile_definitions(${COMPONENT_LIB} PRIVATE
 ESPRESSIF_USE
 ESP32_WORKAROUND
 CONFIG_ECC
- CONFIG_TLSV12
 CONFIG_SHA256
 CONFIG_IEEE80211W
 CONFIG_WPA3_SAE
diff --git a/components/wpa_supplicant/Kconfig b/components/wpa_supplicant/Kconfig
index 927dc0165..451bb78ff 100644
--- a/components/wpa_supplicant/Kconfig
+++ b/components/wpa_supplicant/Kconfig
@@ -6,4 +6,10 @@ menu "Supplicant"
 help
 Select this option to use MbedTLS crypto API's which utilize hardware acceleration.
 
+ config WPA_TLS_V12
+ bool "Enable TLS v1.2"
+ default n
+ help
+ Select this to enable TLS v1.2 for WPA2-Enterprise Authentication.
+
 endmenu
diff --git a/components/wpa_supplicant/port/include/supplicant_opt.h b/components/wpa_supplicant/port/include/supplicant_opt.h
index 12d607add..26e4f10a7 100644
--- a/components/wpa_supplicant/port/include/supplicant_opt.h
+++ b/components/wpa_supplicant/port/include/supplicant_opt.h
@@ -21,4 +21,8 @@
 #define USE_MBEDTLS_CRYPTO 1
 #endif
 
+#if CONFIG_WPA_TLS_V12
+#define CONFIG_TLSV12
+#endif
+
 #endif /* _SUPPLICANT_OPT_H */
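Review bot: The help text for `WPA_TLS_V12` in the Kconfig hunk does not say what the supplicant negotiates when the option stays at `default n`. With CONFIG_TLSV12 undefined the EAP TLS client presumably offers only an older TLS version (the fallback is not visible in this patch), so every WPA2-Enterprise build that takes the defaults gives up TLS v1.2 to accommodate the servers that lack it. I would state that trade-off in the help, for example `Select this to enable TLS v1.2 for WPA2-Enterprise Authentication. When disabled, only older TLS versions are offered; enable it unless the authentication server is known not to support TLS v1.2.` It is also worth considering `default y` with an opt-out, since a deployment with such a server can still turn the option off.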
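Review bot: The `#define CONFIG_TLSV12` added to supplicant_opt.h reaches only the translation units that include this header, and only if sdkconfig.h was seen first. The compile definition removed from CMakeLists.txt applied to every source file of the component. A TLS source file that tests CONFIG_TLSV12 without this include would silently build without TLS v1.2 even when the option is enabled, and files could disagree on the negotiated version. Please confirm that every user of CONFIG_TLSV12 includes this header, or keep it as a compile definition that CMakeLists.txt adds only when `CONFIG_WPA_TLS_V12` is set. Kconfig bool symbols are either defined or absent, so `#ifdef CONFIG_WPA_TLS_V12` would avoid an undefined-macro evaluation in `#if`, and a short comment such as `/* TLS v1.2 for WPA2-Enterprise is opt-in via menuconfig (CONFIG_WPA_TLS_V12) */` would tell readers where the macro now comes from.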