Set correct minimal versions in default conf

Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION` instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
2024-11-22 23:35:49 +01:00 · 2017-05-28 10:46:38 +03:00 · 2017-05-28 10:46:38 +03:00 · 1ac9aa7085
commit 1ac9aa7085
parent 5273182a20
3 changed files with 15 additions and 2 deletions
--- a/4
+++ b/4
@ -62,6 +62,10 @@ Bugfix
   * Fix issue in RSA key generation program programs/x509/rsa_genkey
     where the failure of CTR DRBG initialization lead to freeing an
     RSA context without proper initialization beforehand.
+   * Fix setting version TLSv1 as minimal version, even if TLS 1
+     is not enabled. Set `MBEDTLS_SSL_MIN_MAJOR_VERSION`
+     and `MBEDTLS_SSL_MIN_MINOR_VERSION` instead
+     of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`

 Changes
   * Extend cert_write example program by options to set the CRT version
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -65,6 +65,9 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1   */
 #endif /* MBEDTLS_SSL_PROTO_SSL3   */

+#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
+#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
+
 /* Determine maximum supported version */
 #define MBEDTLS_SSL_MAX_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -7335,8 +7335,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
         * Default
         */
        default:
-            conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
-            conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
+            conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION >
+                                    MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ?
+                                    MBEDTLS_SSL_MIN_MAJOR_VERSION :
+                                    MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
+            conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
+                                    MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
+                                    MBEDTLS_SSL_MIN_MINOR_VERSION :
+                                    MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
            conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
            conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;