![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
gdtIn case you want to choose a different security compromise, the update has a nice summary:
wpasupplicant (2:2.6-19) unstable; urgency=medium
With this release, wpasupplicant no longer respects the system
default minimum TLS version, defaulting to TLSv1.0, not TLSv1.2. If
you're sure you will never connect to EAP networks requiring anything less
than 1.2, add this to your wpasupplicant configuration:
tls_disable_tlsv1_0=1
tls_disable_tlsv1_1=1
wpasupplicant also defaults to a security level 1, instead of the system
default 2. Should you need to change that, change this setting in your
wpasupplicant configuration:
openssl_ciphers=DEFAULT@SECLEVEL=2
Unlike wpasupplicant, hostapd still respects system defaults.
-- Andrej Shadura <…@debian.org> Sat, 15 Dec 2018 14:22:18 +0100