blob: c8e9644cfdcd14474e60696049729d1bc8a1a477 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 4413ec325..7dbbd2d8c 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2457,12 +2413,6 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
else
SSL_clear_options(ssl, SSL_OP_NO_TLSv1_1);
#endif /* SSL_OP_NO_TLSv1_1 */
-#ifdef SSL_OP_NO_TLSv1_2
- if (flags & TLS_CONN_DISABLE_TLSv1_2)
- SSL_set_options(ssl, SSL_OP_NO_TLSv1_2);
- else
- SSL_clear_options(ssl, SSL_OP_NO_TLSv1_2);
-#endif /* SSL_OP_NO_TLSv1_2 */
#ifdef CONFIG_SUITEB
#ifdef OPENSSL_IS_BORINGSSL
/* Start with defaults from BoringSSL */
@@ -4344,15 +4294,6 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
}
}
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
- if (params->flags & TLS_CONN_EAP_FAST) {
- /* Need to disable TLS v1.3 at least for now since OpenSSL 1.1.1
- * refuses to start the handshake with the modified ciphersuite
- * list (no TLS v1.3 ciphersuites included) for EAP-FAST. */
- wpa_printf(MSG_DEBUG, "OpenSSL: Disable TLSv1.3 for EAP-FAST");
- SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_3);
- }
-#endif
#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
while ((err = ERR_get_error())) {
|
