diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index bf208f1321..08dfe046a5 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -795,7 +795,7 @@ menu "mbedTLS"
 config MBEDTLS_SSL_RENEGOTIATION
 bool "Support TLS renegotiation"
- depends on MBEDTLS_TLS_ENABLED
+ depends on MBEDTLS_TLS_ENABLED && MBEDTLS_SSL_PROTO_TLS1_2
 default y
 help
 The two main uses of renegotiation are (1) refresh keys on long-lived
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
index 42b846a802..ff3699b497 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
@@ -201,6 +201,7 @@ static int set_ca_cert(tls_context_t *tls, const unsigned char *cacert, size_t c
 #ifdef CONFIG_SUITEB192
 static uint16_t tls_sig_algs_for_suiteb[] = {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_ECDSA_C)
 MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ),
@@ -211,6 +212,7 @@ static uint16_t tls_sig_algs_for_suiteb[] = {
 MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ),
 #endif
 #endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 MBEDTLS_TLS_SIG_NONE
 };
@@ -235,6 +237,7 @@ static void tls_set_suiteb_config(tls_context_t *tls)
 #endif
 static uint16_t tls_sig_algs_for_eap[] = {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_ECDSA_C)
 MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ),
@@ -263,6 +266,7 @@ static uint16_t tls_sig_algs_for_eap[] = {
 MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA1 ),
 #endif
 #endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 MBEDTLS_TLS_SIG_NONE
 };
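Review bot: The help text of `MBEDTLS_SSL_RENEGOTIATION` in components/mbedtls/Kconfig does not say, in the lines visible here, that renegotiation exists only in TLS 1.2, which is the reason for the new `&& MBEDTLS_SSL_PROTO_TLS1_2` dependency. In a build with both protocol versions enabled the option stays visible with `default y`, and a reader could assume it also applies to TLS 1.3 sessions. Consider adding a sentence to the help such as `This option applies to TLS 1.2 connections only; TLS 1.3 has no renegotiation.` The help body continues past the end of the hunk, so it may already say this.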
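Review bot: With `MBEDTLS_SSL_PROTO_TLS1_2` undefined, `tls_sig_algs_for_suiteb[]` (hunks at -201 and -211) and `tls_sig_algs_for_eap[]` (hunks at -235 and -263) in tls_mbedtls.c each reduce to the lone terminator `MBEDTLS_TLS_SIG_NONE`. The code that installs these arrays lies outside the hunks, so this is inferred, but if they are still handed to the signature-algorithm configuration, a TLS 1.3-only build either offers an empty list and fails every certificate handshake, or skips the list and silently drops the Suite B restriction. An `#else` branch carrying the TLS 1.3 scheme codes would keep the policy in place, for example `MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,` in the Suite B array. If TLS 1.3 is not meant to be supported for `CONFIG_SUITEB192`, a build-time `#error "CONFIG_SUITEB192 requires MBEDTLS_SSL_PROTO_TLS1_2"` makes that explicit instead of leaving an empty table.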
diff --git a/examples/protocols/esp_http_client/sdkconfig.ci.tls13_only b/examples/protocols/esp_http_client/sdkconfig.ci.tls13_only
new file mode 100644
index 0000000000..9b2a9ba558
--- /dev/null
+++ b/examples/protocols/esp_http_client/sdkconfig.ci.tls13_only
@@ -0,0 +1,14 @@
+CONFIG_EXAMPLE_CONNECT_ETHERNET=y
+CONFIG_EXAMPLE_CONNECT_WIFI=n
+CONFIG_EXAMPLE_USE_INTERNAL_ETHERNET=y
+CONFIG_EXAMPLE_ETH_PHY_IP101=y
+CONFIG_EXAMPLE_ETH_MDC_GPIO=23
+CONFIG_EXAMPLE_ETH_MDIO_GPIO=18
+CONFIG_EXAMPLE_ETH_PHY_RST_GPIO=5
+CONFIG_EXAMPLE_ETH_PHY_ADDR=1
+CONFIG_EXAMPLE_CONNECT_IPV6=y
+CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH=y
+CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH=y
+CONFIG_EXAMPLE_HTTP_ENDPOINT="httpbin.espressif.cn"
+CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y