commit 18b9a491e116d27128eb17b6091ff4f837a04ed5
author Jarno Lamsa <jarno.lamsa@arm.com> Mon Jun 10 15:23:29 2019 +0300
committer Jarno Lamsa <jarno.lamsa@arm.com> Mon Jun 10 15:23:29 2019 +0300
tree ed5440624215d4701517ca3b79448435f030e13b
parent 842be1680097c23429c3c307b782c79fa18aa654

Disable the enforce flag by default

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 38546ac..bc42d54 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2829,7 +2829,7 @@
 
 /**
  * \brief           Enable or disable Extended Master Secret enforcing.
- *                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED)
+ *                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED)
  *
  * \note            This enforces the peer to use the Extended Master Secret
  *                  extension, if the option is enabled and the peer doesn't

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 27e55d9..1f8690a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -10302,7 +10302,7 @@
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
     conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
     conf->enforce_extended_master_secret =
-        MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED;
+        MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED;
 #endif
 
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)