Force EAP-TLSv1.2 for WPA3-Enterprise 192-bit RSA networks

Implement a WPA3-Enterprise 192-bit mode workaround to force the
connection to EAP-TLSv1.2 due to interoperability issues in
TLSv1.3 which disables the SSL_SIGN_RSA_PKCS1_SHA384 signature
algorithm, and has its own set of incompatible cipher suites which
the current WPA3 specification doesn't specify. The only specified
cipher suites in the WPA3 specifications are:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384.
See boringssl/include/openssl/tls1.h for TLSv1.3 cipher suites.
If the configuration is explictly setting TLSv1.3, then use it
anyway, but removed the invalid signature algorithm configuration
from the flow.

Bug: 271643008
Test: m
Test: Connect to WPA3-Enterprise 192-bit mode setup with RSA 3K.
Test: Connect to WPA3-Enterprise 192-bit mode setup with ECDSA.
Test: Connect to WPA3-Enterprise mode setup with RSA 3K.
Test: Verify correct TLS configuration settings from the logs.
Change-Id: I78f6b66ab2327a5a4e0da5c851c7a760f15b0bba
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index e0e10fd..29f0d18 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3271,7 +3271,11 @@
 		EC_KEY_free(ecdh);
 #endif
 	}
-	if (flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) {
+	if ((flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH))
+#ifdef EAP_TLSV1_3
+			&& (flags & TLS_CONN_DISABLE_TLSv1_3)
+#endif
+												 ) {
 #ifdef OPENSSL_IS_BORINGSSL
 		uint16_t sigalgs[1] = { SSL_SIGN_RSA_PKCS1_SHA384 };