In my config.h file I only enable MBEDTLS_SSL_PROTO_TLS1_2. However, from the Wireshark capture, I see the Version field dissected in the TLS record layer still indicates TLS 1.0 (0x0301). Shall I do anything about it?
Admin, sorry I posted on the wrong forum. It was meant to go to Mbed TLS. Can you move it for me? Thanks.
I traced down the TLS version number. The v1.0 comes from this
int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
int endpoint, int transport, int preset )
{
...
switch( preset )
{
...
default:
conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
}
}
Once I changed min_minor_ver to:
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
I am getting TLS v1.2 in Wireshark. Any problem with what I am doing?