Properly disable ECDH in only (psk) ephemeral ffdh key exchange components Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

commit: ce05f54283713b83bd5112c53515222d68a62d0f [log] [tgz]
author: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Thu Jun 15 16:44:08 2023 +0200
committer: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Thu Jun 15 16:44:08 2023 +0200
tree: e2f1c21ac9c052168836bbc4943ba1c1f7ca8dde
parent: a53dca125e06444d7d492cde61aa069d289efe98 [diff] [blame]
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 75e4147..71fd471 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h

@@ -1642,7 +1642,7 @@
  *
  * Enable TLS 1.3 ephemeral key exchange mode.
  *
- * Requires: PSA_WANT_ALG_ECDH
+ * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
  *           MBEDTLS_X509_CRT_PARSE_C
  *           and at least one of:
  *               MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
@@ -1660,7 +1660,7 @@
  *
  * Enable TLS 1.3 PSK ephemeral key exchange mode.
  *
- * Requires: PSA_WANT_ALG_ECDH
+ * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
  *
  * Comment to disable support for the PSK ephemeral key exchange mode in
  * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
commit	ce05f54283713b83bd5112c53515222d68a62d0f	[log] [tgz]
author	Przemek Stekiel <przemyslaw.stekiel@mobica.com>	Thu Jun 15 16:44:08 2023 +0200
committer	Przemek Stekiel <przemyslaw.stekiel@mobica.com>	Thu Jun 15 16:44:08 2023 +0200
tree	e2f1c21ac9c052168836bbc4943ba1c1f7ca8dde
parent	a53dca125e06444d7d492cde61aa069d289efe98 [diff] [blame]