On Thu, 2016-01-28 at 09:50 +0100, Toby wrote: > Hi, > due to a delay in the upgrade of our corporate radius servers, I > temporarily need to deactivate TLSv1.2 in phase1 of WPA2/EAP-PEAP, to > bypass a conflict with wpa_supplicant >=2.4. (known issue) > In wpa_supplicant.conf this would require a parameter > phase="tls_disable_tlsv1_2=0". > But this parameter is not covered by the current settings spec, > correct? > How to deal with this situation? > Is there a way to extend a profile with arbitrary wpa_supplicant > parameters? > Or can I merge stuff from wpa_supplicant.conf with settings > transferred via > DBUS? > Or is excluding this WiFi network from being managed by NM the only > valid > solution?
Currently, exclusion or downgrading the supplicant to a version that does not advertise TLS v1.2 support (eg, downgrade to <= 2.3) are the solutions. I don't think we want to add a setting property for this since it will eventually no longer be required, but perhaps a config file parameter or some other out-of-band mechanism to disable TLS v1.2 where needed would be acceptable, and that can be dropped at a future date when this is no longer a problem. Dan _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
