diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index e7fc8eaeca..4b399eb15e 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -89,10 +89,10 @@
 /* Determine maximum supported version */
 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
-#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 /* Shorthand for restartable ECC */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bff2a95230..e7bd09088e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6922,7 +6922,12 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
 conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
 conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ /* Hybrid TLS 1.2/1.3 is not supported yet */
+ conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
+#else
 conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
 conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites;
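Review bot: Other users of `MBEDTLS_SSL_MAX_MINOR_VERSION` are not covered by this commit: in a build that enables both `MBEDTLS_SSL_PROTO_TLS1_2` and `MBEDTLS_SSL_PROTO_TLS1_3` the macro now evaluates to `MBEDTLS_SSL_MINOR_VERSION_4`, while only the two default assignments in ssl_tls.c are capped back to 1.2. Any range check or negotiation bound elsewhere that compares against this macro would presumably start admitting minor version 4 in such a build; those uses are outside this diff and should be audited before merging. The closing comment is also stale after the reorder and should name the new opening condition, `#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */`.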
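Review bot: The cap to TLS 1.2 is applied only to the defaults written here, so in a build with both `MBEDTLS_SSL_PROTO_TLS1_2` and `MBEDTLS_SSL_PROTO_TLS1_3` nothing visible in this diff stops an application from raising `max_minor_ver` to `MBEDTLS_SSL_MINOR_VERSION_4` afterwards (for example through `mbedtls_ssl_conf_max_version()`), which the added comment says is unsupported. A check at setup time that rejects that combination with an error would make the restriction fail closed instead of depending on callers keeping the default. The same five-line preprocessor block is repeated in the hunk at -6961; defining the default once, as a single macro next to `MBEDTLS_SSL_MAX_MINOR_VERSION`, would keep the two assignments from drifting apart when hybrid support is added. The body of `mbedtls_ssl_config_defaults` starts and ends outside both hunks.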
@@ -6961,7 +6966,12 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 MBEDTLS_SSL_MIN_MINOR_VERSION :
 MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
 conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ /* Hybrid TLS 1.2/1.3 is not supported yet */
+ conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
+#else
 conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )