Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration

There's no renegotiation in TLS 1.3, so this option should have no effect. Insist on having it disabled, to avoid the risk of accidentally having different behavior in TLS 1.3 if the option is enabled (as happened in https://github.com/Mbed-TLS/mbedtls/issues/6200). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
author: Gilles Peskine <Gilles.Peskine@arm.com> 2022-08-12 22:43:18 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> 2023-03-01 19:47:23 +0100
commit: 7d3186d18ad9e1ad9755514ded08dd79670db7e3 (patch)
tree: 4ac5a6b9dff8be227e6c258279302b5c351f93b5 /tests/configs
parent: f4385faa6f740ca07aac48874242b7a0769b778f (diff)
download: mbedtls-7d3186d18ad9e1ad9755514ded08dd79670db7e3.zip
mbedtls-7d3186d18ad9e1ad9755514ded08dd79670db7e3.tar.gz
mbedtls-7d3186d18ad9e1ad9755514ded08dd79670db7e3.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h
index 963086f..1f212e7 100644
--- a/tests/configs/tls13-only.h
+++ b/tests/configs/tls13-only.h
@@ -29,6 +29,7 @@
 /* Disable TLS 1.2 and 1.2-specific features */
 #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
 #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#undef MBEDTLS_SSL_RENEGOTIATION
 #undef MBEDTLS_SSL_PROTO_TLS1_2
 #undef MBEDTLS_SSL_PROTO_DTLS
 #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
author	Gilles Peskine <Gilles.Peskine@arm.com>	2022-08-12 22:43:18 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 19:47:23 +0100
commit	7d3186d18ad9e1ad9755514ded08dd79670db7e3 (patch)
tree	4ac5a6b9dff8be227e6c258279302b5c351f93b5 /tests/configs
parent	f4385faa6f740ca07aac48874242b7a0769b778f (diff)
download	mbedtls-7d3186d18ad9e1ad9755514ded08dd79670db7e3.zip mbedtls-7d3186d18ad9e1ad9755514ded08dd79670db7e3.tar.gz mbedtls-7d3186d18ad9e1ad9755514ded08dd79670db7e3.tar.bz2