Use SSL_OP_NO_TLSv1_1 SSL_OP_NO_TLSv1_2 SSL_OP_NO_TICKET for better wpa_supplicant_8...

Bug: https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/969343/comments/72
Bug: http://w1.fi/bugz/show_bug.cgi?id=447#c7
Bug: http://code.google.com/p/android/issues/detail?id=34212
Bug: 6883259

(cherry-picked from 27bf1073abe534644cc1146397082cc78873f516)

Change-Id: I9364e94853a404130125ab8df791193a886fdd34

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index aaa920b..be94e8a 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -929,6 +929,11 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
 #ifdef SSL_OP_NO_COMPRESSION
        options |= SSL_OP_NO_COMPRESSION;
 #endif /* SSL_OP_NO_COMPRESSION */
+#ifdef ANDROID
+       options |= SSL_OP_NO_TLSv1_1;
+       options |= SSL_OP_NO_TLSv1_2;
+       options |= SSL_OP_NO_TICKET;
+#endif /* ANDROID */
        SSL_set_options(conn->ssl, options);
 
        conn->ssl_in = BIO_new(BIO_s_mem());