Merge remote-tracking branch 'upstream-public/pr/1296' into HEAD
diff --git a/ChangeLog b/ChangeLog
index dd72d5b..eb8801a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,10 @@
In the context of SSL, this resulted in handshake failure. Reported by
daniel in the Mbed TLS forum. #1351
* Fix Windows x64 builds with the included mbedTLS.sln file. #1347
+ * Fix setting version TLSv1 as minimal version, even if TLS 1
+ is not enabled. Set MBEDTLS_SSL_MIN_MAJOR_VERSION
+ and MBEDTLS_SSL_MIN_MINOR_VERSION instead of
+ MBEDTLS_SSL_MAJOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_1. #664
Changes
* Fix tag lengths and value ranges in the documentation of CCM encryption.
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 9f583a8..60b431a 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -71,6 +71,9 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
+#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
+
/* Determine maximum supported version */
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ff52104..236e52d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7685,8 +7685,14 @@
* Default
*/
default:
- conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
- conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
+ conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION >
+ MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ?
+ MBEDTLS_SSL_MIN_MAJOR_VERSION :
+ MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
+ conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
+ MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
+ MBEDTLS_SSL_MIN_MINOR_VERSION :
+ MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;