Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

eap_example: Fix configuration by added DH parameters

The internal TLS implementation supports number of additional cipher
suites that require DH parameters to be set on the server. Such a cipher
suite is selected by default in the eap_example case which prevented the
TLS handshake from completing successfully. Fix this by adding DH
parameters to the server configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 10 years ago
parent
1acf38f1a5
commit
897418a28d
2 changed files with 6 additions and 0 deletions
Split View Show Diff Stats
  1. 5 0
      eap_example/dh.conf
  2. 1 0
      eap_example/eap_example_server.c

+ 5 - 0
eap_example/dh.conf
View File 

@@ -0,0 +1,5 @@
 
+-----BEGIN DH PARAMETERS-----
 
+MIGHAoGBAP3V8IHq3H2DUlYywsvjYNuS17eCdt0mJo6/os6PHqdhgkMrPxF9u4Gr
 
+qKXq9e6GqmZYdjta30N3FkXaV924BJ0xOqb2TntiKg4u50/l6hSUneWt6UFBaizd
 
+XrqjNFIme/5RXMZ7RglXliBpCepAaFLMcKhOS4ulUyYYHSy+oqRjAgEC
 
+-----END DH PARAMETERS-----

+ 1 - 0
eap_example/eap_example_server.c
View File 

@@ -81,6 +81,7 @@ static int eap_example_server_init_tls(void)
 
 	/* tparams.private_key = "server.key"; */
 
 	tparams.private_key = "server-key.pem";
 
 	/* tparams.private_key_passwd = "whatever"; */
 
+	tparams.dh_file = "dh.conf";
 
 
 	if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
 
 		printf("Failed to set TLS parameters\n");