Remove per-version ciphersuite configuration API
This commit removes the API
```
mbedtls_ssl_conf_ciphersuites_for_version()
```
which allows to configure lists of acceptable ciphersuites
for each supported version of SSL/TLS: SSL3, TLS 1.{0,1,2}.
With Mbed TLS 3.0, support for SSL3, TLS 1.0 and TLS 1.1
is dropped. Moreover, upcoming TLS 1.3 support has a different
notion of cipher suite and will require a different API.
This means that it's only for TLS 1.2 that we require
a ciphersuite configuration API, and
```
mbedtls_ssl_conf_ciphersuites()
```
can be used for that. The version-specific ciphersuite
configuration API `mbedtls_ssl_conf_ciphersuites_for_version()`,
in turn, is no longer needed.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 6cf283e..12ed0fb 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1155,8 +1155,7 @@
/*
* Ciphersuite list
*/
- ciphersuites = mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf,
- ssl->minor_ver );
+ ciphersuites = ssl->conf->ciphersuite_list;
/* Skip writing ciphersuite length for now */
n = 0;
@@ -2244,7 +2243,7 @@
i = 0;
while( 1 )
{
- if( mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, ssl->minor_ver )[i] == 0 )
+ if( ssl->conf->ciphersuite_list[i] == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
mbedtls_ssl_send_alert_message(
@@ -2254,7 +2253,7 @@
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
- if( mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, ssl->minor_ver )[i++] ==
+ if( ssl->conf->ciphersuite_list[i++] ==
ssl->session_negotiate->ciphersuite )
{
break;
