From 49a2020539293deab85cf7a26788e5ca464e34b3 Mon Sep 17 00:00:00 2001 From: jiakun02 Date: Tue, 10 Dec 2024 13:23:44 +0700 Subject: [PATCH] Fix bug for extension of TLS handshake --- deps/mbedtls-config.h | 52 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 49 insertions(+), 3 deletions(-) diff --git a/deps/mbedtls-config.h b/deps/mbedtls-config.h index 01280b2..87716f7 100644 --- a/deps/mbedtls-config.h +++ b/deps/mbedtls-config.h @@ -45,9 +45,6 @@ #define MBEDTLS_SSL_PROTO_TLS1_1 #define MBEDTLS_SSL_PROTO_TLS1_2 -/* Enable SNI in TLS handshake */ -#define MBEDTLS_SSL_SERVER_NAME_INDICATION 1 - /* mbed TLS modules */ #define MBEDTLS_AES_C #define MBEDTLS_ASN1_PARSE_C @@ -77,6 +74,55 @@ #define MBEDTLS_VERSION_C #define MBEDTLS_VERSION_FEATURES +/* Enable extensions in TLS handshake */ +#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +#define MBEDTLS_ECDH_C +#define MBEDTLS_SSL_PROTO_TLS1_3 +#define MBEDTLS_SSL_CONTEXT_SERIALIZATION +#define MBEDTLS_SSL_SERVER_NAME_INDICATION +#define MBEDTLS_ECDSA_C +#define MBEDTLS_ECP_C +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +#define MBEDTLS_X509_RSASSA_PSS_SUPPORT +#define MBEDTLS_PKCS1_V21 +#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET +#define MBEDTLS_SSL_ENCRYPT_THEN_MAC +#define MBEDTLS_SSL_ALPN +#define MBEDTLS_SSL_SESSION_TICKETS +#define MBEDTLS_SSL_CIPHERSUITES \ + MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, \ + MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, \ + MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, \ + MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, \ + MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, \ + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \ + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, \ + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, \ + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, \ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, \ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, \ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \ + MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \ + MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \ + MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \ + MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \ + MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, \ + MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, \ + MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, \ + MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, \ + MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, \ + MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, \ + MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, \ + MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, \ + MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, \ + MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, \ + MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA + /* For test certificates */ #define MBEDTLS_BASE64_C #define MBEDTLS_CERTS_C