Add identifiers and API for configuration of TLS 1.3 key exchanges
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 97bb7b6..4933980 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3548,6 +3548,14 @@
conf->ciphersuite_list = ciphersuites;
}
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config* conf,
+ const int kex_modes )
+{
+ conf->tls13_kex_modes = kex_modes;
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
const mbedtls_x509_crt_profile *profile )
@@ -6353,6 +6361,13 @@
}
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+ /*
+ * Allow all TLS 1.3 key exchange modes by default.
+ */
+ conf->tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
/*
* Preset-specific defaults
*/