mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00

TLS: Allow hybrid TLS 1.2/1.3 in default configurations

This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron
2022-03-15 11:23:25 +01:00
parent e71639d39b
commit f660655b84
4 changed files with 72 additions and 32 deletions


@ -4226,14 +4226,26 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
conf->min_major_ver = MBEDTLS_SSL_MIN_MAJOR_VERSION;
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* Hybrid TLS 1.2/1.3 is not supported yet */
conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
if( ( endpoint == MBEDTLS_SSL_IS_SERVER ) ||
( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) )
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
{
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
}
#else
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
{
conf->min_major_ver = 0;
conf->max_major_ver = 0;
conf->min_minor_ver = 0;
conf->max_minor_ver = 0;
}
#endif
else
{
conf->min_minor_ver = MBEDTLS_SSL_MIN_MINOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
}
conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -4265,21 +4277,27 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
conf->min_major_ver = MBEDTLS_SSL_MIN_MAJOR_VERSION;
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
MBEDTLS_SSL_MIN_MINOR_VERSION :
MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* Hybrid TLS 1.2/1.3 is not supported yet */
conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
#else
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( ( endpoint == MBEDTLS_SSL_IS_SERVER ) ||
( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) )
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
{
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
}
#else
{
conf->min_major_ver = 0;
conf->max_major_ver = 0;
conf->min_minor_ver = 0;
conf->max_minor_ver = 0;
}
#endif
else
{
conf->min_minor_ver = MBEDTLS_SSL_MIN_MINOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
}
conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites();
#if defined(MBEDTLS_X509_CRT_PARSE_C)
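Review bot: In the `#else` arm of the server/DTLS branch (TLS 1.2 not compiled in), both presets set all four version bounds to 0 and then carry on to assign `ciphersuite_list`, so nothing visible here tells the caller that the requested defaults are unusable. Whether a 0..0 range is rejected later depends on a check outside these hunks (the body of `mbedtls_ssl_config_defaults` starts and ends outside them). If it is rejected, the arm should say so, e.g. `/* No protocol version usable for this endpoint/transport: leave the range empty so that config validation at setup time fails */`; if not, it should fail here with `return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );`. Separately, every path on the new side reassigns `min_minor_ver`, so the client's floor is now `MBEDTLS_SSL_MIN_MINOR_VERSION` alone. The Suite B `/* TLS 1.2 */` assignment and the `MBEDTLS_SSL_MIN_VALID_MINOR_VERSION` clamp, if they are still present (the +/- markers are lost on this page), no longer affect the result and should be dropped or re-applied inside the `else` block.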