From 19f17e402aa12bf85bf38d46304d07ad43459443 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Jan 2025 12:36:50 +0100 Subject: [PATCH 1/3] Stop recommended deprecated function in migration guide MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/3.0-migration-guide.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 63a13ad876..42af9dbaf2 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -748,7 +748,7 @@ for both DTLS-CID and TLS 1.3. The default preference order for curves in TLS now favors resource usage (performance and memory consumption) over size. The exact order is unspecified and may change, but generally you can expect 256-bit curves to be preferred over larger curves. -If you prefer a different order, call `mbedtls_ssl_conf_curves()` when configuring a TLS connection. +If you prefer a different order, call `mbedtls_ssl_conf_groups()` when configuring a TLS connection. ### SSL key export interface change @@ -1025,7 +1025,7 @@ mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ); ``` -If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_curves()` with the desired lists. +If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_groups()` with the desired lists. ### Remove 3DES ciphersuites From 632667e3949841e4d0087920a10e2a5a41285abe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Jan 2025 12:25:52 +0100 Subject: [PATCH 2/3] Remove useless dependency from test function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This dependency was never right in the first place. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a16ac64374..1acb89e0ba 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3059,7 +3059,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */ +/* BEGIN_CASE */ void conf_group() { uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, From ea18c7e1e53310c7d39bf8ce5384962c6fceaeb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Jan 2025 10:04:43 +0100 Subject: [PATCH 3/3] Fix incorrect test function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We should not manually set the TLS version, the tests are supposed to pass in 1.3-only builds as well. Instead do the normal thing of setting defaults. This doesn't interfere with the rest of the testing, so I'm not sure why we were not doing it. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 1acb89e0ba..67a0c17b57 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3071,8 +3071,9 @@ void conf_group() mbedtls_ssl_config_init(&conf); mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); - mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); + mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT); mbedtls_ssl_conf_groups(&conf, iana_tls_group_list);