diff options
author | Gilles Peskine <Gilles.Peskine@arm.com> | 2022-08-12 22:43:18 +0200 |
---|---|---|
committer | Gilles Peskine <Gilles.Peskine@arm.com> | 2023-03-01 19:47:23 +0100 |
commit | 7d3186d18ad9e1ad9755514ded08dd79670db7e3 (patch) | |
tree | 4ac5a6b9dff8be227e6c258279302b5c351f93b5 /tests/configs | |
parent | f4385faa6f740ca07aac48874242b7a0769b778f (diff) | |
download | mbedtls-7d3186d18ad9e1ad9755514ded08dd79670db7e3.zip mbedtls-7d3186d18ad9e1ad9755514ded08dd79670db7e3.tar.gz mbedtls-7d3186d18ad9e1ad9755514ded08dd79670db7e3.tar.bz2 |
Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration
There's no renegotiation in TLS 1.3, so this option should have no effect.
Insist on having it disabled, to avoid the risk of accidentally having
different behavior in TLS 1.3 if the option is enabled (as happened in
https://github.com/Mbed-TLS/mbedtls/issues/6200).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Diffstat (limited to 'tests/configs')
-rw-r--r-- | tests/configs/tls13-only.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 963086f..1f212e7 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -29,6 +29,7 @@ /* Disable TLS 1.2 and 1.2-specific features */ #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET +#undef MBEDTLS_SSL_RENEGOTIATION #undef MBEDTLS_SSL_PROTO_TLS1_2 #undef MBEDTLS_SSL_PROTO_DTLS #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY |