Skip to content

Commit ecc176b

Browse files
valeriosettivaleriosetti
committed
modules: mbedtls: remove RSA based ciphersuites
Ciphersuites using RSA encryption were removed from Mbed TLS 4.0. As a consequence this commit removes MBEDTLS_CIPHERSUITE_TLS_RSA_WITH_AES_256_CBC_SHA256 and replaces it with MBEDTLS_CIPHERSUITE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 in tests/samples code. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
1 parent 7456fd2 commit ecc176b

File tree

3 files changed

+2
-18
lines changed

3 files changed

+2
-18
lines changed

‎modules/mbedtls/Kconfig.ciphersuites‎

Lines changed: 0 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -59,22 +59,6 @@ config MBEDTLS_CIPHERSUITE_TLS_PSK_WITH_AES_128_GCM_SHA256
5959
select PSA_WANT_KEY_TYPE_AES
6060
select PSA_WANT_KEY_TYPE_DERIVE
6161

62-
config MBEDTLS_CIPHERSUITE_TLS_RSA_WITH_AES_256_CBC_SHA256
63-
bool "Ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256"
64-
select MBEDTLS_SSL_PROTO_TLS1_2
65-
select MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
66-
select PSA_WANT_ALG_TLS12_PSK_TO_MS
67-
select PSA_WANT_ALG_TLS12_PRF
68-
select PSA_WANT_ALG_CBC_NO_PADDING
69-
select PSA_WANT_ALG_SHA_256
70-
select PSA_WANT_KEY_TYPE_AES
71-
select PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
72-
select PSA_WANT_ALG_RSA_PKCS1V15_SIGN
73-
select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
74-
select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
75-
select PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
76-
select PSA_WANT_KEY_TYPE_DERIVE
77-
7862
config MBEDTLS_CIPHERSUITE_ECJPAKE_WITH_AES_128_CCM_8
7963
bool "Ciphersuite ECJPAKE_WITH_AES_128_CCM_8"
8064
select MBEDTLS_SSL_PROTO_TLS1_2

‎samples/subsys/mgmt/hawkbit/overlay-tls.conf‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,4 +9,4 @@ CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384
99

1010
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
1111
CONFIG_HAWKBIT_USE_TLS=y
12-
CONFIG_MBEDTLS_CIPHERSUITE_TLS_RSA_WITH_AES_256_CBC_SHA256=y
12+
CONFIG_MBEDTLS_CIPHERSUITE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256=y

‎tests/net/socket/tls/prj.conf‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,4 +52,4 @@ CONFIG_MBEDTLS_HEAP_SIZE=30000
5252
CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID=y
5353
CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNT=32
5454
CONFIG_MBEDTLS_CIPHERSUITE_TLS_PSK_WITH_AES_256_CBC_SHA384=y
55-
CONFIG_MBEDTLS_CIPHERSUITE_TLS_RSA_WITH_AES_256_CBC_SHA256=y
55+
CONFIG_MBEDTLS_CIPHERSUITE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256=y

0 commit comments

Comments
 (0)