From 666fa2da3d6a857dcf82702c836a226dcb81b527 Mon Sep 17 00:00:00 2001
From: Juha-Pekka Kesonen <juha-pekka.kesonen@nordicsemi.no>
Date: Wed, 5 Nov 2025 14:08:46 +0200
Subject: [PATCH 1/2] ssl_msg.c: change log level for record checking

Signed-off-by: Juha-Pekka <juha-pekka.kesonen@nordicsemi.no>
---
 library/ssl_msg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 0cb2f00c12..e1198fa627 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -221,7 +221,7 @@ int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl,
                              size_t buflen)
 {
     int ret = 0;
-    MBEDTLS_SSL_DEBUG_MSG(1, ("=> mbedtls_ssl_check_record"));
+    MBEDTLS_SSL_DEBUG_MSG(3, ("=> mbedtls_ssl_check_record"));
     MBEDTLS_SSL_DEBUG_BUF(3, "record buffer", buf, buflen);
 
     /* We don't support record checking in TLS because
@@ -263,7 +263,7 @@ exit:
         ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG(1, ("<= mbedtls_ssl_check_record"));
+    MBEDTLS_SSL_DEBUG_MSG(3, ("<= mbedtls_ssl_check_record"));
     return ret;
 }
 

From 5f4cbcd33688389baa7dad238dd8b85633f2d611 Mon Sep 17 00:00:00 2001
From: Juha-Pekka Kesonen <juha-pekka.kesonen@nordicsemi.no>
Date: Wed, 5 Nov 2025 14:10:52 +0200
Subject: [PATCH 2/2] ssl_tls12: change log level for ECDH computation

Signed-off-by: Juha-Pekka <juha-pekka.kesonen@nordicsemi.no>
---
 library/ssl_tls12_client.c | 4 ++--
 library/ssl_tls12_server.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 35ae891c1d..4024c0014b 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2304,7 +2304,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
 
         header_len = 4;
 
-        MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation."));
 
         /*
          * Generate EC private key for ECDHE exchange.
@@ -2412,7 +2412,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
 
         header_len += ssl->conf->psk_identity_len;
 
-        MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation."));
 
         /*
          * Generate EC private key for ECDHE exchange.
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 0856dcfdd2..6b37a954d4 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2683,7 +2683,7 @@ curve_matching_done:
         psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
         size_t ec_bits = 0;
 
-        MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation."));
 
         /* Convert EC's TLS ID to PSA key type. */
         if (mbedtls_ssl_get_psa_curve_info_from_tls_id(*curr_tls_id,