From 594e1b5e4439368066e545430bd2f9a6ade05a09 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov
Date: Thu, 19 Apr 2018 11:39:08 +0800
Subject: [PATCH] mbedtls: disable truncated HMAC

This is a workaround for CVE-2018-0488.

Ref. https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Ref. https://github.com/espressif/esp-idf/issues/1730
---
 components/mbedtls/port/include/mbedtls/esp_config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index c81bf1a06e..3d65969359 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -1326,7 +1326,7 @@
  *
  * Comment this macro to disable support for truncated HMAC in SSL
  */
-#define MBEDTLS_SSL_TRUNCATED_HMAC
+//#define MBEDTLS_SSL_TRUNCATED_HMAC
 
 /**
  * \def MBEDTLS_THREADING_ALT
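Review bot: The commented-out `//#define MBEDTLS_SSL_TRUNCATED_HMAC` carries no in-file reason, so someone re-syncing this header with the upstream mbedTLS defaults could re-enable the option without knowing it was turned off for security reasons. Record the reason in the doc comment directly above the macro, for example ` * Disabled as a workaround for CVE-2018-0488; keep disabled until the bundled mbedTLS includes the upstream fix.` That doc comment starts outside the hunk, so only its last lines are visible here. Since the commit message calls this a workaround, the note should also point at the advisory or issue 1730 so the setting can be revisited when the library is updated.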