michaelh/zephyr
1
0
Fork 0
Code Releases Activity

modules: mbedtls: Add Kconfig option to enable Extended Master Secret

Browse source 
Add Kconfig option for `config-tls-generic.h` to enable the Extended
Master Secret extension.

Signed-off-by: Pete Skeggs <peter.skeggs@nordicsemi.no>
This commit is contained in:
Pete Skeggs 2022-02-07 13:32:46 -08:00 committed by Carles Cufí
commit 6a9854e2ca
2 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
modules/mbedtls/Kconfig.tls-generic
View file

@ -411,4 +411,12 @@ config MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
depends on MBEDTLS_SSL_CACHE_C
default 5
config MBEDTLS_SSL_EXTENDED_MASTER_SECRET
bool "(D)TLS Extended Master Secret extension"
depends on MBEDTLS_TLS_VERSION_1_2
help
Enable support for the (D)TLS Extended Master Secret extension
which ensures that master secrets are different for every
connection and every session.
endmenu

4
modules/mbedtls/configs/config-tls-generic.h
View file

@ -440,6 +440,10 @@
#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES CONFIG_MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
#endif
#if defined(CONFIG_MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#endif
/* User config file */
#if defined(CONFIG_MBEDTLS_USER_CONFIG_FILE)