Re: How to deal with unsupported wpa_supplicant parameters?



On Thu, 2016-01-28 at 09:50 +0100, Toby wrote:
Hi,
due to a delay in the upgrade of our corporate radius servers, I
temporarily need to deactivate TLSv1.2 in phase1 of WPA2/EAP-PEAP, to
bypass a conflict with wpa_supplicant >=2.4. (known issue)
In wpa_supplicant.conf this would require a parameter
phase="tls_disable_tlsv1_2=0".
But this parameter is not covered by the current settings spec,
correct?
How to deal with this situation?
Is there a way to extend a profile with arbitrary wpa_supplicant
parameters?
Or can I merge stuff from wpa_supplicant.conf with settings transferred
via DBUS?
Or is excluding this WiFi network from being managed by NM the only
valid solution?

Currently, exclusion or downgrading the supplicant to a version that
does not advertise TLS v1.2 support (e.g., downgrade to <= 2.3) are the
solutions.  I don't think we want to add a setting property for this
since it will eventually no longer be required, but perhaps a config
file parameter or some other out-of-band mechanism to disable TLS v1.2
where needed would be acceptable, and that can be dropped at a future
date when this is no longer a problem.

Dan
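
The exclusion route discussed in this thread, sketched as an added example (not part of either message and not NetworkManager's own documentation). The interface name, SSID, identity, CA path and server name are constructed placeholders, and the file paths are the usual defaults. In wpa_supplicant's own configuration the flag goes inside the phase1 string, and a value of 1 is what disables TLS v1.2.

```conf
# --- /etc/NetworkManager/NetworkManager.conf ---
# Stop NetworkManager from managing the Wi-Fi interface so that a
# standalone wpa_supplicant can own it. "wlan0" is an assumed name.
[keyfile]
unmanaged-devices=interface-name:wlan0

# --- /etc/wpa_supplicant/wpa_supplicant.conf ---
network={
    # Constructed SSID and identity; the password is a placeholder.
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.com"
    password="changeme"
    # Keep RADIUS server validation on while TLS is capped below 1.2.
    # Assumed CA path and server name.
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.example.com"
    # Temporary workaround: 1 disables TLS v1.2 in the outer tunnel.
    # Remove once the RADIUS servers are upgraded.
    phase1="tls_disable_tlsv1_2=1"
    phase2="auth=MSCHAPV2"
}
```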

