Disable the enforce flag by default

2024-11-23 03:55:44 +01:00 · 2019-06-10 15:23:29 +03:00 · 2019-06-10 15:23:29 +03:00 · 18b9a491e1
commit 18b9a491e1
parent 842be16800
2 changed files with 2 additions and 2 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -2829,7 +2829,7 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems

 /**
 * \brief           Enable or disable Extended Master Secret enforcing.
- *                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED)
+ *                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED)
 *
 * \note            This enforces the peer to use the Extended Master Secret
 *                  extension, if the option is enabled and the peer doesn't
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -10302,7 +10302,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
    conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
    conf->enforce_extended_master_secret =
-        MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED;
+        MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED;
 #endif

 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)