From f5feb7813edbb86a7eee52e31df6eb187b638034 Mon Sep 17 00:00:00 2001
From: Laukik Hase
Date: Tue, 22 Feb 2022 12:45:22 +0530
Subject: [PATCH] mbedtls: Fix build errors related to TLS 1.3

- Kconfig: Enabled MBEDTLS_HKDF_C by default when TLS 1.3 support is enabled
- esp-tls (mbedtls): Forced client to use TLS 1.3 when TLS 1.3 support is enabled
---
 components/esp-tls/esp_tls_mbedtls.c | 8 ++++++++
 components/mbedtls/Kconfig | 1 +
 2 files changed, 9 insertions(+)

diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c
index 645c3b868b..bca6ba6cda 100644
--- a/components/esp-tls/esp_tls_mbedtls.c
+++ b/components/esp-tls/esp_tls_mbedtls.c
@@ -114,6 +114,14 @@ esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const
 mbedtls_esp_enable_debug_log(&tls->conf, CONFIG_MBEDTLS_DEBUG_LEVEL);
 #endif
 
+#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3
+ // NOTE: Mbed TLS currently supports only client-side config with TLS 1.3
+ if (tls->role != ESP_TLS_SERVER) {
+ mbedtls_ssl_conf_min_version(&tls->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4);
+ mbedtls_ssl_conf_max_version(&tls->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4);
+ }
+#endif
+
 if ((ret = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
 ESP_LOGE(TAG, "mbedtls_ssl_setup returned -0x%04X", -ret);
 mbedtls_print_error_msg(ret);
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index a63a62e5f9..01570e5005 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -176,6 +176,7 @@ menu "mbedTLS"
 config MBEDTLS_SSL_PROTO_TLS1_3
 bool "Support TLS 1.3 protocol"
 depends on MBEDTLS_TLS_ENABLED
+ select MBEDTLS_HKDF_C
 default n
 
 config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
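Review bot: Pinning both the minimum and the maximum version to TLS 1.3 in the added block means every client built with CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 will fail the handshake against a server that only offers TLS 1.2, and the comment above the `if` does not say so; it also silently overrides any version range the rest of esp_create_mbedtls_handle may have applied from the caller's config, and that function starts and ends outside the hunk. If the restriction is intentional because Mbed TLS cannot yet negotiate 1.2 and 1.3 in one client (which is how I read "Forced client to use TLS 1.3" in the subject), state the consequence where the limitation lives, e.g. `// NOTE: Mbed TLS currently supports TLS 1.3 only on the client side and only as the sole version, so pin min == max; TLS 1.2-only servers will fail the handshake.` Keeping the minimum pinned also has a defensive side effect worth recording: it rules out a downgrade to 1.2, so if a 1.2 fallback is added later the `mbedtls_ssl_conf_min_version` line is the one to revisit, not the max.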
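Review bot: `select MBEDTLS_HKDF_C` forces the option on whenever TLS 1.3 is enabled and cannot be unset by the user, so the description's "Enabled MBEDTLS_HKDF_C by default" understates the effect; `select` also ignores any `depends on` that MBEDTLS_HKDF_C itself carries. Since the TLS 1.3 key schedule is built on HKDF, a hard `select` is the right tool here, but the reason should be visible next to it, e.g. `# TLS 1.3 key schedule requires HKDF` on the line above the `select`.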