Disable TLS1.3.

toitlang · Nov 28, 2024 · afc8a0f · afc8a0f
1 parent 4f1c4a7
commit afc8a0f
Show file tree

Hide file tree

Showing 4 changed files with 8,510 additions and 1 deletion.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -142,7 +142,7 @@ else()
   # pressure, but means the TLS connection often breaks after a while when the
   # counterpart makes the packets larger.  This ...IN_CONTENT_LEN define is
   # overriddden in sdkconfig files for devices.
-  set(MBEDTLS_C_FLAGS "-DMBEDTLS_SSL_IN_CONTENT_LEN=7800 -DMBEDTLS_SSL_OUT_CONTENT_LEN=3700 -DMBEDTLS_PLATFORM_MEMORY=1 -DMBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK=1")
+  set(MBEDTLS_C_FLAGS "-DMBEDTLS_CONFIG_FILE=\\\"${CMAKE_SOURCE_DIR}/mbedtls/include/toit_config.h\\\"")
 endif()
 
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${TOIT_GENERIC_FLAGS} ${TOIT_LWIP_C_FLAGS} ${MBEDTLS_C_FLAGS}")

diff --git a/mbedtls/include/README.md b/mbedtls/include/README.md
@@ -0,0 +1,15 @@
+# Toit configuration for mbedtls
+
+This directory contains the configuration for building mbedtls with Toit.
+When compiling for the ESP32 family, the ESP-IDF configuration is used.
+
+This directory contains two files: [default_config.h](default_config.h)
+and [toit_config.h](toit_config.h). The default config is unused and
+serves as a reference for the configuration options. It makes it possible to
+easily see which configurations have changed.
+
+## Updating mbedtls
+
+When updating mbedtls to a new version, the configuration files should be
+updated to match the new version. Replace the `default_config.h` with the
+new version and update the `toit_config.h` to match the changes.