Enable more key exchange methods

This is intended (but not entirely verified) to match our esp32 builds.
It does fix accessing https://circuitpython.org, which failed before with
"MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE".

It still doesn't work on a personal website of mine with valid letsencrypt
certificate but I haven't verified whether it works on esp32s2 with CP.
That site only allows TLS 1.3, while this mbedtls only supports up to
1.2.
The version of mbedtls we adopted based on micropython's use has no
TLS 1.3 support, but the one in espressif esp-idf does.
This commit is contained in:
Jeff Epler 2022-10-05 14:51:13 -05:00
parent fabfdcf6fe
commit 14f2309b6f
No known key found for this signature in database
GPG Key ID: D5BF15AB975AB4DE

View File

@ -50,8 +50,16 @@
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_SHA256_SMALLER
@ -68,10 +76,12 @@
// Enable mbedtls modules
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
@ -94,6 +104,7 @@
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_DHM_C // needed by DHE_PSK
#undef MBEDTLS_HAVE_TIME_DATE
// Memory allocation hooks