7d3186d18a
There's no renegotiation in TLS 1.3, so this option should have no effect. Insist on having it disabled, to avoid the risk of accidentally having different behavior in TLS 1.3 if the option is enabled (as happened in https://github.com/Mbed-TLS/mbedtls/issues/6200). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
42 lines
1.4 KiB
C
42 lines
1.4 KiB
C
/* MBEDTLS_USER_CONFIG_FILE for testing.
|
|
* Only used for a few test configurations.
|
|
*
|
|
* Typical usage (note multiple levels of quoting):
|
|
* make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
|
*/
|
|
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
/* Enable TLS 1.3 and core 1.3 features */
|
|
#define MBEDTLS_SSL_PROTO_TLS1_3
|
|
#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
|
|
|
/* Disable TLS 1.2 and 1.2-specific features */
|
|
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
|
#undef MBEDTLS_SSL_RENEGOTIATION
|
|
#undef MBEDTLS_SSL_PROTO_TLS1_2
|
|
#undef MBEDTLS_SSL_PROTO_DTLS
|
|
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
|
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
|
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
|
|
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
|
|
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
|
|
|
/* Enable some invasive tests */
|
|
#define MBEDTLS_TEST_HOOKS
|