From 4d3a60475cd76aa493e7d087f54b4c655695c449 Mon Sep 17 00:00:00 2001
From: XiaokangQian
Date: Thu, 21 Apr 2022 13:46:17 +0000
Subject: [PATCH] Change default config version to development style
Change-Id: I9c1088f235524211e727d03b96de8d82e60bd426
Signed-off-by: XiaokangQian
---
 library/ssl_tls.c | 56 ++++++++++++++++++++++++-----------------------
 1 file changed, 29 insertions(+), 27 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 26c009a9e0..57f4e46e65 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4210,37 +4210,39 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
+ if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
-#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
- conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
- endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- /* DTLS 1.3 not supported yet
- * server side hybrid mode not support yet
- */
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
- }
- else
- {
- conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
- }
-#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
- conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
-#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
- }
- else
- {
- /* DTLS 1.3 not supported yet */
+#else
 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
 #endif
+ }
+ else
+ {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ }
+ else
+ /* Hybrid TLS 1.2 / 1.3 is not supported on server side yet */
+ {
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ }
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+#else
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+#endif
+ }
 
 /*
 * Preset-specific defaults
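Review bot: The comment `/* Hybrid TLS 1.2 / 1.3 is not supported on server side yet */` sits between `else` and its opening brace in the stream branch, where it is easy to read as belonging to the client arm above it; it should be the first line inside the block. That block is the only place recording that a server built with both protocol versions still gets a default ceiling of TLS 1.2, and that a client's default floor stays at TLS 1.2, so the comment should state this as a consequence for integrators, e.g. `/* Server: hybrid TLS 1.2/1.3 not supported yet, so the default max stays at TLS 1.2 even when TLS 1.3 is built in; a TLS 1.3-only deployment must set the version bounds explicitly. */`. The `else` also treats every `endpoint` value other than `MBEDTLS_SSL_IS_CLIENT` as a server, which is the conservative direction but deserves a word in the same comment. The body of `mbedtls_ssl_config_defaults` starts and ends outside this hunk, so whether `endpoint` is validated earlier is not visible here.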