ssl_client.c: Adapt compression methods comment to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: 42c1cbf1dece31d5c0a8d86fa38a477461635b32 [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Sun Feb 20 10:24:39 2022 +0100
committer: Ronald Cron <ronald.cron@arm.com> Tue Mar 29 18:56:58 2022 +0200
tree: f8109ef7720671f2849eaa70b5ea1a95accc65e9
parent: d491c2d77925981747c972a0faf0af28c65f3e63 [diff] [blame]
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 2fe4aca..fd96865 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c

@@ -385,11 +385,15 @@
         return( ret );
     p += output_len;
 
-    /* Write legacy_compression_methods
+    /* Write legacy_compression_methods (TLS 1.3) or
+     * compression_methods (TLS 1.2)
      *
      * For every TLS 1.3 ClientHello, this vector MUST contain exactly
      * one byte set to zero, which corresponds to the 'null' compression
      * method in prior versions of TLS.
+     *
+     * For TLS 1.2 ClientHello, for security reasons we do not support
+     * compression anymore, thus also just the 'null' compression method.
      */
     MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
     *p++ = 1;
commit	42c1cbf1dece31d5c0a8d86fa38a477461635b32	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Sun Feb 20 10:24:39 2022 +0100
committer	Ronald Cron <ronald.cron@arm.com>	Tue Mar 29 18:56:58 2022 +0200
tree	f8109ef7720671f2849eaa70b5ea1a95accc65e9
parent	d491c2d77925981747c972a0faf0af28c65f3e63 [diff] [blame]