Merge remote-tracking branch 'upstream-public/pr/1296' into HEAD

This commit is contained in:
Gilles Peskine 2018-03-11 00:44:14 +01:00
commit b4c571e603
3 changed files with 15 additions and 2 deletions

View file

@ -35,6 +35,10 @@ Bugfix
In the context of SSL, this resulted in handshake failure. Reported by In the context of SSL, this resulted in handshake failure. Reported by
daniel in the Mbed TLS forum. #1351 daniel in the Mbed TLS forum. #1351
* Fix Windows x64 builds with the included mbedTLS.sln file. #1347 * Fix Windows x64 builds with the included mbedTLS.sln file. #1347
* Fix setting version TLSv1 as minimal version, even if TLS 1
is not enabled. Set MBEDTLS_SSL_MIN_MAJOR_VERSION
and MBEDTLS_SSL_MIN_MINOR_VERSION instead of
MBEDTLS_SSL_MAJOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_1. #664
Changes Changes
* Fix tag lengths and value ranges in the documentation of CCM encryption. * Fix tag lengths and value ranges in the documentation of CCM encryption.

View file

@ -71,6 +71,9 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1 */ #endif /* MBEDTLS_SSL_PROTO_TLS1 */
#endif /* MBEDTLS_SSL_PROTO_SSL3 */ #endif /* MBEDTLS_SSL_PROTO_SSL3 */
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
/* Determine maximum supported version */ /* Determine maximum supported version */
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3

View file

@ -7685,8 +7685,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
* Default * Default
*/ */
default: default:
conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION >
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */ MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ?
MBEDTLS_SSL_MIN_MAJOR_VERSION :
MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
MBEDTLS_SSL_MIN_MINOR_VERSION :
MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;