From 27eb68d29588937741ed89fd4f395a37c20b2ac6 Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Fri, 15 Mar 2024 16:13:37 +0100
Subject: [PATCH] Enable TLS 1.3 by default

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 ChangeLog.d/enable-tls13-by-default.txt | 2 ++
 include/mbedtls/mbedtls_config.h        | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 ChangeLog.d/enable-tls13-by-default.txt

diff --git a/ChangeLog.d/enable-tls13-by-default.txt b/ChangeLog.d/enable-tls13-by-default.txt
new file mode 100644
index 0000000000..636078c7c1
--- /dev/null
+++ b/ChangeLog.d/enable-tls13-by-default.txt
@@ -0,0 +1,2 @@
+Changes
+   * The TLS 1.3 protocol is now enabled in the default configuration.
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index cf6d406cb3..b9790b9c19 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1774,7 +1774,7 @@
  *
  * Uncomment this macro to enable the support for TLS 1.3.
  */
-//#define MBEDTLS_SSL_PROTO_TLS1_3
+#define MBEDTLS_SSL_PROTO_TLS1_3
 
 /**
  * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@@ -1796,7 +1796,7 @@
  * effect on the build.
  *
  */
-//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 
 /**
  * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED