Wiced TLS restrictions


BeOl_4470266

Hello,

In order to respect our cybersecurity requirements, I need to disable the support for TLS 1.0 and TLS 1.1, only keeping TLS 1.2.

I've noticed that this configuration is made from wiced_default.h.

However, it comes with a comment:

 

/* Note: Please don't try to change TLS MINOR VERSION MIN & MAX values,
 * as few  wiced prebuilts are compiled using below values changing the values can cause issues
 * */
/* TLS major version is assumed to be 1 */
#define WICED_TLS_MINOR_VERSION_MIN           (0)   /* Refers to TLS version 1.2. Values for TLS Versions: 0 ==> TLS v1.0, 1 ==> TLS v1.1, 2 ==> TLS v1.2 */
#define WICED_TLS_MINOR_VERSION_MAX           (2)   /* Refers to TLS version 1.2. Values for TLS Versions: 0 ==> TLS v1.0, 1 ==> TLS v1.1, 2 ==> TLS v1.2 */

 

What would be the correct approach to disable TLS versions that are under 1.2?

Best regards,

Ben

GauravS_31
Moderator

I checked the closed-source BESL supplicant library and I did see that the TLS min and max version was used. Since the library is statically compiled, it would mean that the TLS versions used in the library would retain the default values. In other words, if you are planning to use enterprise security with TLS min and max values changed, this would require a new statically compiled BESL library file.

@AxLi_1746341 My bad, the versions are used for mbedTLS

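Added example (not part of the original thread, and not WICED, BESL or mbedTLS code): since a prebuilt library may keep its compiled-in defaults, one way to confirm which version a device actually negotiates is to check the server_version field of the ServerHello in a packet capture. The function names, result codes and sample bytes are constructed for illustration; 0x0301 to 0x0303 are the standard wire encodings of the three versions listed in the header comment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (hypothetical names, not WICED APIs). */
enum { TLS_VERSION_OK = 0, TLS_VERSION_TOO_OLD = 1, TLS_NOT_SERVER_HELLO = -1 };

/* Header numbering: 0 => TLS 1.0, 1 => TLS 1.1, 2 => TLS 1.2.
 * Wire encoding:    0x0301,       0x0302,       0x0303. */
static uint16_t wire_version(unsigned minor) { return (uint16_t)(0x0301u + minor); }

/* Checks the server_version field of a ServerHello against a minimum.
 * Only the first 11 bytes of the record are read: 5-byte record header,
 * 4-byte handshake header, 2-byte server_version.
 * A TLS 1.3 server also writes 0x0303 in this field, so it passes a 1.2 minimum. */
int check_server_hello(const uint8_t *rec, size_t len, unsigned min_minor)
{
    if (len < 11 || rec[0] != 22 /* handshake */ || rec[5] != 2 /* ServerHello */)
        return TLS_NOT_SERVER_HELLO;
    uint16_t negotiated = (uint16_t)((rec[9] << 8) | rec[10]);
    return negotiated >= wire_version(min_minor) ? TLS_VERSION_OK : TLS_VERSION_TOO_OLD;
}

/* Constructed sample captures, truncated after server_version. */
static const uint8_t SH_TLS10[] = {22, 3, 1, 0, 42, 2, 0, 0, 38, 3, 1};
static const uint8_t SH_TLS12[] = {22, 3, 3, 0, 42, 2, 0, 0, 38, 3, 3};
/* Constructed fatal protocol_version alert: a refusal instead of a ServerHello. */
static const uint8_t ALERT[] = {21, 3, 3, 0, 2, 2, 70};

int main(void)
{
    const unsigned required_min = 2; /* policy from the question: TLS 1.2 only */
    printf("TLS 1.0 ServerHello: %d\n",
           check_server_hello(SH_TLS10, sizeof SH_TLS10, required_min));
    printf("TLS 1.2 ServerHello: %d\n",
           check_server_hello(SH_TLS12, sizeof SH_TLS12, required_min));
    printf("Alert record:        %d\n",
           check_server_hello(ALERT, sizeof ALERT, required_min));
    return 0;
}
```

A TLS_VERSION_TOO_OLD result on a capture taken after changing the macros indicates that the library in use still accepts the older versions.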