My ISP's fiber ONT requires EAP-TLS with TLSv1.0 and it seems this stopped working after the wpa_supplicant upgrade for T4537 and T4584.
I suspect this is because Debian patches are currently being removed: https://github.com/vyos/vyos-build/blob/831846e744b63f71707a6b2ca27b10b32cef5d26/packages/hostap/build.sh#L19
and Debian has a patch that allows TLSv1.0 by default: https://salsa.debian.org/debian/wpa/-/blob/debian/2%252.10-9/debian/patches/allow-tlsv1.patch
Would it be possible to have the custom hostap package build include that specific patch?