commit 2abf03c551cc5a559ec123eb5295048913120650
author TRodziewicz <tomasz.rodziewicz@mobica.com> Fri Jun 25 14:40:09 2021 +0200
committer TRodziewicz <tomasz.rodziewicz@mobica.com> Mon Jun 28 14:36:37 2021 +0200
tree 17e8c183b67958d0ae6c1f71c08a3c6cfbe85668
parent 8a88f6274c5303c931c188c64a093539f3e2ca7f

Remove all TLS 1.0 and 1.1 instances and add some compatibility tests

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1396400..5a23894 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -854,7 +854,7 @@
              * GenericBlockCipher:
              * 1. if EtM is in use: one block plus MAC
              *    otherwise: * first multiple of blocklen greater than maclen
-             * 2. IV except for TLS 1.0
+             * 2. IV
              */
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
             if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
@@ -948,7 +948,7 @@
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
+    if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
     {
         /* For HMAC-based ciphersuites, initialize the HMAC transforms.
            For AEAD-based ciphersuites, there is nothing to do here. */
@@ -4234,9 +4234,6 @@
     {
         switch( ssl->minor_ver )
         {
-            case MBEDTLS_SSL_MINOR_VERSION_2:
-                return( "DTLSv1.0" );
-
             case MBEDTLS_SSL_MINOR_VERSION_3:
                 return( "DTLSv1.2" );
 
@@ -4248,12 +4245,6 @@
 
     switch( ssl->minor_ver )
     {
-        case MBEDTLS_SSL_MINOR_VERSION_1:
-            return( "TLSv1.0" );
-
-        case MBEDTLS_SSL_MINOR_VERSION_2:
-            return( "TLSv1.1" );
-
         case MBEDTLS_SSL_MINOR_VERSION_3:
             return( "TLSv1.2" );