diff --git a/configs/baremetal.h b/configs/baremetal.h index 2e92e76ac..09391ddb0 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -100,6 +100,10 @@ #define MBEDTLS_SSL_CONF_SEND mbedtls_net_send #define MBEDTLS_SSL_CONF_RECV_TIMEOUT mbedtls_net_recv_timeout #define MBEDTLS_SSL_CONF_RNG mbedtls_hmac_drbg_random +#define MBEDTLS_SSL_CONF_MIN_MINOR_VER MBEDTLS_SSL_MINOR_VERSION_3 +#define MBEDTLS_SSL_CONF_MAX_MINOR_VER MBEDTLS_SSL_MINOR_VERSION_3 +#define MBEDTLS_SSL_CONF_MIN_MAJOR_VER MBEDTLS_SSL_MAJOR_VERSION_3 +#define MBEDTLS_SSL_CONF_MAX_MAJOR_VER MBEDTLS_SSL_MAJOR_VERSION_3 #define MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET \ MBEDTLS_SSL_EXTENDED_MS_ENABLED #define MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET \ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 8290c516d..e18c11bee 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3636,6 +3636,12 @@ */ //#define MBEDTLS_SSL_CONF_RNG mbedtls_ctr_drbg_random +/* TLS version */ +//#define MBEDTLS_SSL_CONF_MIN_MINOR_VER MBEDTLS_SSL_MINOR_VERSION_3 +//#define MBEDTLS_SSL_CONF_MAX_MINOR_VER MBEDTLS_SSL_MINOR_VERSION_3 +//#define MBEDTLS_SSL_CONF_MIN_MAJOR_VER MBEDTLS_SSL_MAJOR_VERSION_3 +//#define MBEDTLS_SSL_CONF_MAX_MAJOR_VER MBEDTLS_SSL_MAJOR_VERSION_3 + /* ExtendedMasterSecret extension * The following two options must be set/unset simultaneously. */ //#define MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET MBEDTLS_SSL_EXTENDED_MS_ENABLED diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 169e054c0..ee8bd818b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1132,10 +1132,18 @@ struct mbedtls_ssl_config unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */ #endif +#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) unsigned char max_major_ver; /*!< max. major version used */ +#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) unsigned char max_minor_ver; /*!< max. minor version used */ +#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) unsigned char min_major_ver; /*!< min. major version used */ +#endif /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) unsigned char min_minor_ver; /*!< min. minor version used */ +#endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */ /* * Flags (bitfields) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 8a515772d..d2299ea38 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1423,6 +1423,50 @@ static inline mbedtls_frng_t* mbedtls_ssl_conf_get_frng( } #endif /* MBEDTLS_SSL_CONF_RNG */ +static inline int mbedtls_ssl_conf_get_max_major_ver( + mbedtls_ssl_config const *conf ) +{ +#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) + return( conf->max_major_ver ); +#else + ((void) conf); + return( MBEDTLS_SSL_CONF_MAX_MAJOR_VER ); +#endif /* MBEDTLS_SSL_CONF_MAX_MAJOR_VER */ +} + +static inline int mbedtls_ssl_conf_get_min_major_ver( + mbedtls_ssl_config const *conf ) +{ +#if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) + return( conf->min_major_ver ); +#else /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */ + ((void) conf); + return( MBEDTLS_SSL_CONF_MIN_MAJOR_VER ); +#endif /* MBEDTLS_SSL_CONF_MIN_MAJOR_VER */ +} + +static inline int mbedtls_ssl_conf_get_max_minor_ver( + mbedtls_ssl_config const *conf ) +{ +#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) + return( conf->max_minor_ver ); +#else /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ + ((void) conf); + return( MBEDTLS_SSL_CONF_MAX_MINOR_VER ); +#endif /* MBEDTLS_SSL_CONF_MAX_MINOR_VER */ +} + +static inline int mbedtls_ssl_conf_get_min_minor_ver( + mbedtls_ssl_config const *conf ) +{ +#if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) + return( conf->min_minor_ver ); +#else /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */ + ((void) conf); + return( MBEDTLS_SSL_CONF_MIN_MINOR_VER ); +#endif /* MBEDTLS_SSL_CONF_MIN_MINOR_VER */ +} + #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) static inline unsigned int mbedtls_ssl_conf_get_ems( mbedtls_ssl_config const *conf ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index d45f3d3fe..7291fd753 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -180,8 +180,11 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) != + MBEDTLS_SSL_MINOR_VERSION_3 ) + { return; + } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); @@ -558,7 +561,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, *olen = 0; if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || - ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) == + MBEDTLS_SSL_MINOR_VERSION_0 ) { return; } @@ -593,7 +597,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, if( mbedtls_ssl_conf_get_ems( ssl->conf ) == MBEDTLS_SSL_EXTENDED_MS_DISABLED || - ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) == + MBEDTLS_SSL_MINOR_VERSION_0 ) { return; } @@ -788,7 +793,6 @@ static int ssl_validate_ciphersuite( mbedtls_ssl_ciphersuite_handle_t suite_info if( suite_info == MBEDTLS_SSL_CIPHERSUITE_INVALID_HANDLE ) return( 1 ); - if( mbedtls_ssl_suite_get_min_minor_ver( suite_info ) > max_minor_ver || mbedtls_ssl_suite_get_max_minor_ver( suite_info ) < min_minor_ver ) { @@ -846,11 +850,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE ) { - ssl->major_ver = ssl->conf->min_major_ver; - ssl->minor_ver = ssl->conf->min_minor_ver; + ssl->major_ver = mbedtls_ssl_conf_get_min_major_ver( ssl->conf ); + ssl->minor_ver = mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ); } - if( ssl->conf->max_major_ver == 0 ) + if( mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, " "consider using mbedtls_ssl_config_defaults()" ) ); @@ -867,8 +871,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) buf = ssl->out_msg; p = buf + 4; - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version( mbedtls_ssl_conf_get_max_major_ver( ssl->conf ), + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ), + ssl->conf->transport, p ); p += 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]", @@ -981,8 +986,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ciphersuite_info ) { if( ssl_validate_ciphersuite( ciphersuite_info, ssl, - ssl->conf->min_minor_ver, - ssl->conf->max_minor_ver ) != 0 ) + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ), + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) != 0 ) { continue; } @@ -1563,8 +1568,8 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) */ if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 || - major_ver > ssl->conf->max_major_ver || - minor_ver > ssl->conf->max_minor_ver ) + major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) || + minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) ); @@ -1715,16 +1720,18 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, ssl->conf->transport, buf + 0 ); - if( ssl->major_ver < ssl->conf->min_major_ver || - ssl->minor_ver < ssl->conf->min_minor_ver || - ssl->major_ver > ssl->conf->max_major_ver || - ssl->minor_ver > ssl->conf->max_minor_ver ) + if( ssl->major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) || + ssl->minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) || + ssl->major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) || + ssl->minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - " " min: [%d:%d], server: [%d:%d], max: [%d:%d]", - ssl->conf->min_major_ver, ssl->conf->min_minor_ver, + mbedtls_ssl_conf_get_min_major_ver( ssl->conf ), + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ), ssl->major_ver, ssl->minor_ver, - ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + mbedtls_ssl_conf_get_max_major_ver( ssl->conf ), + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); @@ -1886,8 +1893,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ciphersuite_info ) { if( ssl_validate_ciphersuite( ciphersuite_info, ssl, - ssl->conf->min_minor_ver, - ssl->conf->max_minor_ver ) != 0 ) + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ), + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) != 0 ) { continue; } @@ -2360,8 +2367,9 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, * opaque random[46]; * } PreMasterSecret; */ - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version( mbedtls_ssl_conf_get_max_major_ver( ssl->conf ), + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ), + ssl->conf->transport, p ); if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) ( ssl->conf->p_rng, p + 2, 46 ) ) != 0 ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index e743eff87..553ded29d 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1090,15 +1090,17 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) } ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; - ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver ) - ? buf[4] : ssl->conf->max_minor_ver; + ssl->minor_ver = + ( buf[4] <= mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + ? buf[4] : mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ); - if( ssl->minor_ver < ssl->conf->min_minor_ver ) + if( ssl->minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum" " [%d:%d] < [%d:%d]", ssl->major_ver, ssl->minor_ver, - ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) ); + mbedtls_ssl_conf_get_min_major_ver( ssl->conf ), + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); @@ -1213,7 +1215,8 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) ); - if( ssl->minor_ver < ssl->conf->max_minor_ver ) + if( ssl->minor_ver < + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) ); @@ -1624,25 +1627,26 @@ read_record_header: ssl->handshake->max_major_ver = ssl->major_ver; ssl->handshake->max_minor_ver = ssl->minor_ver; - if( ssl->major_ver < ssl->conf->min_major_ver || - ssl->minor_ver < ssl->conf->min_minor_ver ) + if( ssl->major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) || + ssl->minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum" " [%d:%d] < [%d:%d]", ssl->major_ver, ssl->minor_ver, - ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) ); + mbedtls_ssl_conf_get_min_major_ver( ssl->conf ), + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); } - if( ssl->major_ver > ssl->conf->max_major_ver ) + if( ssl->major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) { - ssl->major_ver = ssl->conf->max_major_ver; - ssl->minor_ver = ssl->conf->max_minor_ver; + ssl->major_ver = mbedtls_ssl_conf_get_max_major_ver( ssl->conf ); + ssl->minor_ver = mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ); } - else if( ssl->minor_ver > ssl->conf->max_minor_ver ) - ssl->minor_ver = ssl->conf->max_minor_ver; + else if( ssl->minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + ssl->minor_ver = mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ); /* * Save client random (inc. Unix time) @@ -2019,7 +2023,8 @@ read_record_header: { MBEDTLS_SSL_DEBUG_MSG( 2, ( "received FALLBACK_SCSV" ) ); - if( ssl->minor_ver < ssl->conf->max_minor_ver ) + if( ssl->minor_ver < + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2a2d3219e..0c4ba9afb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4705,7 +4705,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } - if( minor_ver > ssl->conf->max_minor_ver ) + if( minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); @@ -8717,14 +8717,42 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) { +#if defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) && \ + defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) + ((void) conf); +#endif + +#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) conf->max_major_ver = major; +#else + ((void) major); +#endif /* MBEDTLS_SSL_CONF_MAX_MAJOR_VER */ + +#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) conf->max_minor_ver = minor; +#else + ((void) minor); +#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ } void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ) { +#if defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) && \ + defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) + ((void) conf); +#endif + +#if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) conf->min_major_ver = major; +#else + ((void) major); +#endif /* MBEDTLS_SSL_CONF_MIN_MAJOR_VER */ + +#if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) conf->min_minor_ver = minor; +#else + ((void) minor); +#endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */ } #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) @@ -10961,10 +10989,18 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, * NSA Suite B */ case MBEDTLS_SSL_PRESET_SUITEB: +#if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; +#endif /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ +#endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; +#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; +#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = @@ -10991,21 +11027,28 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, * Default */ default: +#if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION > MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ? MBEDTLS_SSL_MIN_MAJOR_VERSION : MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION; +#endif /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION > MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ? MBEDTLS_SSL_MIN_MINOR_VERSION : MBEDTLS_SSL_MIN_VALID_MINOR_VERSION; - conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; - conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; - #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) ) conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2; #endif +#endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) + conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; +#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) + conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; +#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =