mbedtls: Fix build errors related to TLS 1.3

- Kconfig: Enabled MBEDTLS_HKDF_C by default when TLS 1.3 support is enabled - esp-tls (mbedtls): Forced client to use TLS 1.3 when TLS 1.3 support is enabled
2024-09-20 00:36:01 -04:00 · 2022-02-22 12:45:22 +05:30 · 2022-02-22 12:45:22 +05:30 · f5feb7813e
commit f5feb7813e
parent 0868513ddd
2 changed files with 9 additions and 0 deletions
--- a/components/esp-tls/esp_tls_mbedtls.c
+++ b/components/esp-tls/esp_tls_mbedtls.c
@ -114,6 +114,14 @@ esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const
    mbedtls_esp_enable_debug_log(&tls->conf, CONFIG_MBEDTLS_DEBUG_LEVEL);
 #endif

+#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3
+    // NOTE: Mbed TLS currently supports only client-side config with TLS 1.3
+    if (tls->role != ESP_TLS_SERVER) {
+        mbedtls_ssl_conf_min_version(&tls->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4);
+        mbedtls_ssl_conf_max_version(&tls->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4);
+    }
+#endif
+
    if ((ret = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
        ESP_LOGE(TAG, "mbedtls_ssl_setup returned -0x%04X", -ret);
        mbedtls_print_error_msg(ret);
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@ -176,6 +176,7 @@ menu "mbedTLS"
        config MBEDTLS_SSL_PROTO_TLS1_3
            bool "Support TLS 1.3 protocol"
            depends on MBEDTLS_TLS_ENABLED
+            select MBEDTLS_HKDF_C
            default n

        config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE