Disable truncated HMAC by default
diff --git a/ChangeLog b/ChangeLog
index 2e5a54f..68d2747 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -85,6 +85,7 @@
enabled in the default configuration, this is only noticeable if using a
custom config.h
* Default DHM parameters server-side upgraded from 1024 to 2048 bits.
+ * Negotiation of truncated HMAC is now disabled by default on server too.
Reauirement changes
* The minimum MSVC version required is now 2010 (better C99 support).
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4782cd5..4c1f685 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1863,8 +1863,7 @@
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
/**
* \brief Activate negotiation of truncated HMAC
- * (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED on client,
- * MBEDTLS_SSL_TRUNC_HMAC_ENABLED on server.)
+ * (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
*
* \param conf SSL configuration
* \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
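Review bot: The rewritten default line at the top of this doc comment states the new value but says nothing about the behavioural consequence for existing server deployments, which is the part an integrator reading ssl.h will miss: a server that previously negotiated truncated HMAC whenever the client offered it now keeps the full-length MAC unless the application calls this function with MBEDTLS_SSL_TRUNC_HMAC_ENABLED. I would add, after the default line, `* \note Servers no longer enable this by default; applications that relied on the old server-side default must opt in explicitly.` The test hunk in tests/ssl-opt.sh (20-byte MAC expected for the enabled-client case) backs this up, so the note is grounded in the change itself. The enclosing doc comment and the prototype it documents continue past the end of this hunk, so the exact placement of the `\note` should be checked against the full comment.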
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 114f5ae..72bbbd7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6618,11 +6618,6 @@
}
#endif
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( endpoint == MBEDTLS_SSL_IS_SERVER )
- conf->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
-#endif
-
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ae324db..510000a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -626,8 +626,8 @@
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
trunc_hmac=1" \
0 \
- -S "dumping 'computed mac' (20 bytes)" \
- -s "dumping 'computed mac' (10 bytes)"
+ -s "dumping 'computed mac' (20 bytes)" \
+ -S "dumping 'computed mac' (10 bytes)"
run_test "Truncated HMAC: client enabled, server disabled" \
"$P_SRV debug_level=4 trunc_hmac=0" \