- Avoid downgrading TLS ciphersuites when client RSA keys are larger than RSA-2048 bit.
- Note that when using bigger certificates on low-power chips without crypto
hardware acceleration, it is recommended to adjust the task watchdog timer (TWDT)
if it is enabled. For precise information on timing requirements, you can check
performance numbers at https://github.com/espressif/mbedtls/wiki/Performance-Numbers.
In TLS v1.2, It was possible to disable server certificate validation simply by using
API 'mbedtls_ssl_conf_authmode'. But this behaviour is changed in TLS v1.3. We can not
disable server certificate validation in TLS v1.3 using this API anymore.
For more details, refer https://github.com/Mbed-TLS/mbedtls/issues/7075
1. Added SOC caps dependency for enabling 192 bit security in wifi enterprise example
2. Fixed authmode in log and connected event for WPA3 enterprise 192 bit security
This updates the minimal supported version of CMake to 3.16, which in turn enables us to use more CMake features and have a cleaner build system.
This is the version that provides most new features and also the one we use in our latest docker image for CI.
While using esp_wifi_set_config, flag pmf_capable defaults to 0.
Users may not bother to enable it, which prevents connection to a
WPA3 AP. Or the AP may reset into WPA3 mode failing the re-connection.
To ensure better security, deprecate the pmf_capable flag and set it to
true internally.
