Revert switch to EC handshake algorithm (aws#1680)
* Revert "ESP32 specific mirror of PR aws#1668 (aws#1670)"

This reverts commit 2887e50.

* Revert "Switch to using ECDHE-ECDSA Algorithm for TLS Handshake  (aws#1668)"

This reverts commit 35f399c.
lundinc2 authored and yuhui-zheng committed Feb 13, 2020
1 parent 9e8e131 commit 4c066b1
Showing 6 changed files with 13 additions and 27 deletions.
2 changes: 1 addition & 1 deletion libraries/3rdparty/mbedtls/include/mbedtls/config.h
@@ -939,7 +939,7 @@
* MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
*/
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED

/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
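Review bot: The re-enabled `#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED` carries no comment saying why the revert needs it, and the list just above it ends with the 3DES-EDE-CBC and RC4 suites that this key exchange can pull in. Whether those two are actually built depends on the cipher modules configured elsewhere in config.h (for example `MBEDTLS_DES_C` and `MBEDTLS_ARC4_C`), which this section does not show, so that is worth confirming before release. I would add a line above the define such as `/* Re-enabled by the revert in aws#1680; legacy 3DES/RC4 suites must stay disabled via their cipher modules. */`.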
4 changes: 2 additions & 2 deletions libraries/freertos_plus/standard/tls/src/iot_tls.c
@@ -759,8 +759,8 @@ BaseType_t TLS_Connect( void * pvContext )
if( 0 == xResult )
{
xResult = mbedtls_x509_crt_parse( &pxCtx->xMbedX509CA,
( const unsigned char * ) tlsATS3_ROOT_CERTIFICATE_PEM,
tlsATS3_ROOT_CERTIFICATE_LENGTH );
( const unsigned char * ) tlsATS1_ROOT_CERTIFICATE_PEM,
tlsATS1_ROOT_CERTIFICATE_LENGTH );

if( 0 == xResult )
{
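Review bot: The trust anchor passed to `mbedtls_x509_crt_parse` in `TLS_Connect` is swapped back to `tlsATS1_ROOT_CERTIFICATE_PEM` with nothing in the code tying it to the key-exchange settings reverted in the same commit, so the next person to change one may not change the other. A comment above the call would help, for example `/* Root must match the enabled MBEDTLS_KEY_EXCHANGE_* set; change both together. */`. It is also worth confirming that `tlsATS1_ROOT_CERTIFICATE_LENGTH` counts the terminating NUL, since mbedtls requires that for PEM input; the macro is defined outside this section. `TLS_Connect` starts and ends outside the hunk, so any other roots loaded around this call are not visible here.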
10 changes: 5 additions & 5 deletions vendors/espressif/boards/esp32/aws_demos/sdkconfig
@@ -575,13 +575,13 @@ CONFIG_MBEDTLS_TLS_ENABLED=y
# TLS Key Exchange Methods
#
CONFIG_MBEDTLS_PSK_MODES=
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=n
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=n
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=n
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=n
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=n
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=y
CONFIG_MBEDTLS_SSL_RENEGOTIATION=y
CONFIG_MBEDTLS_SSL_PROTO_SSL3=
CONFIG_MBEDTLS_SSL_PROTO_TLS1=y
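Review bot: The revert turns on more key exchanges than restoring an RSA-authenticated handshake would appear to need: `CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y`, `CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=y` and `CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=y` are static-key modes without forward secrecy. If the endpoint only needs ECDHE-RSA (an assumption; the server side is not shown), keep those three at `n` and enable only `CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=y`, plus DHE-RSA if it is really used. The same applies to the identical block in vendors/espressif/boards/esp32/aws_tests/sdkconfig. Because this commit also removes the pins from both sdkconfig.defaults files, a regenerated sdkconfig will presumably fall back to the SDK defaults for these options, so the intended set should be pinned there.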
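--- a/vendors/espressif/boards/esp32/aws_demos/sdkconfig.defaults
+++ b/vendors/espressif/boards/esp32/aws_demos/sdkconfig.defaults
@@ -17,13 +17,6 @@ CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=8192
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
 CONFIG_MBEDTLS_CMAC_C=y
 CONFIG_MBEDTLS_ECP_RESTARTABLE=y
-CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=n
-CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=n
-CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=y
-CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=n
-CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA=y
-CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=n
-CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=n
 CONFIG_BT_ENABLED=y
 CONFIG_BLUEDROID_ENABLED=
 CONFIG_NIMBLE_ENABLED=y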
10 changes: 5 additions & 5 deletions vendors/espressif/boards/esp32/aws_tests/sdkconfig
@@ -573,13 +573,13 @@ CONFIG_MBEDTLS_TLS_ENABLED=y
# TLS Key Exchange Methods
#
CONFIG_MBEDTLS_PSK_MODES=
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=n
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=n
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=n
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=n
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=n
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=y
CONFIG_MBEDTLS_SSL_RENEGOTIATION=y
CONFIG_MBEDTLS_SSL_PROTO_SSL3=
CONFIG_MBEDTLS_SSL_PROTO_TLS1=y
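--- a/vendors/espressif/boards/esp32/aws_tests/sdkconfig.defaults
+++ b/vendors/espressif/boards/esp32/aws_tests/sdkconfig.defaults
@@ -17,13 +17,6 @@ CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=8192
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
 CONFIG_MBEDTLS_CMAC_C=y
 CONFIG_MBEDTLS_ECP_RESTARTABLE=y
-CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=n
-CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=n
-CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=y
-CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=n
-CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA=y
-CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=n
-CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=n
 CONFIG_BT_ENABLED=y
 CONFIG_BLUEDROID_ENABLED=
 CONFIG_NIMBLE_ENABLED=y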
