Hello,
In order to respect our cybersecurity requirements, I need to disable the support for TLS 1.0 and TLS 1.1, only keeping TLS 1.2.
I've noticed that this configuration is made from wiced_default.h.
However, it comes with a comment:
/* Note: Please don't try to change TLS MINOR VERSION MIN & MAX values,
* as few wiced prebuilts are compiled using below values changing the values can cause issues
* */
/* TLS major version is assumed to be 1 */
#define WICED_TLS_MINOR_VERSION_MIN (0) /* Refers to TLS version 1.2. Values for TLS Versions: 0 ==> TLS v1.0, 1 ==> TLS v1.1, 2 ==> TLS v1.2 */
#define WICED_TLS_MINOR_VERSION_MAX (2) /* Refers to TLS version 1.2. Values for TLS Versions: 0 ==> TLS v1.0, 1 ==> TLS v1.1, 2 ==> TLS v1.2 */
What would be the correct approach to disable TLS versions that are under 1.2?
Best regards,
Ben
Labels: WICED Studio Wi-Fi Combo
I checked the closed source BESL supplicant library and I did see that the TLS min and max version was used. Since the library is statically compiled, it would mean that the TLS versions used in the library would retain the default values. In other words, if you are planning to use enterprise security with TLS min and max values changed, this would require a new statically compiled BESL library file.
@AxLi_1746341 My bad, the versions are used for mbedTLS
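
The point made in the reply about statically compiled code, as an added example that is not part of the thread and is not WICED or BESL code: a macro value is expanded when a translation unit is compiled, so editing the header later only affects code rebuilt from source. `prebuilt_accepts`, `rebuilt_accepts` and `lowest_accepted` are hypothetical stand-ins, and the `#undef`/`#define` pair simulates the header edit.

```c
#include <stdio.h>

/* Minor-version encoding from the page: 0 = TLS 1.0, 1 = TLS 1.1, 2 = TLS 1.2 */
#define WICED_TLS_MINOR_VERSION_MIN (0)
#define WICED_TLS_MINOR_VERSION_MAX (2)

/* Hypothetical stand-in for code inside a prebuilt static library: the macro
 * values are expanded here, at the time this function is compiled. */
int prebuilt_accepts(int peer_minor)
{
    return peer_minor >= WICED_TLS_MINOR_VERSION_MIN &&
           peer_minor <= WICED_TLS_MINOR_VERSION_MAX;
}

/* Simulates editing the header afterwards to allow TLS 1.2 only. */
#undef WICED_TLS_MINOR_VERSION_MIN
#define WICED_TLS_MINOR_VERSION_MIN (2)

/* Hypothetical stand-in for code rebuilt from source after the edit. */
int rebuilt_accepts(int peer_minor)
{
    return peer_minor >= WICED_TLS_MINOR_VERSION_MIN &&
           peer_minor <= WICED_TLS_MINOR_VERSION_MAX;
}

/* Lowest minor version a given acceptance check still lets through, or -1. */
int lowest_accepted(int (*accepts)(int))
{
    for (int minor = 0; minor <= 3; minor++)
        if (accepts(minor))
            return minor;
    return -1;
}

int main(void)
{
    /* The earlier-compiled check still has a TLS 1.0 floor; only the
     * rebuilt check enforces TLS 1.2. */
    printf("prebuilt floor: TLS 1.%d\n", lowest_accepted(prebuilt_accepts));
    printf("rebuilt floor:  TLS 1.%d\n", lowest_accepted(rebuilt_accepts));
    return 0;
}
```

After a header change like this, the negotiated version should be confirmed on the wire for every TLS path in the firmware, since a path served by a prebuilt object keeps the floor it was compiled with.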