/**************************************************************************/
/*                                                                        */
/*       Copyright (c) Microsoft Corporation. All rights reserved.        */
/*                                                                        */
/*       This software is licensed under the Microsoft Software License   */
/*       Terms for Microsoft Azure RTOS. Full text of the license can be  */
/*       found in the LICENSE file at https://aka.ms/AzureRTOS_EULA       */
/*       and in the root directory of this software.                      */
/*                                                                        */
/**************************************************************************/


/**************************************************************************/
/**************************************************************************/
/**                                                                       */
/** NetX Secure Component                                                 */
/**                                                                       */
/**    Transport Layer Security (TLS)                                     */
/**                                                                       */
/**************************************************************************/
/**************************************************************************/

#define NX_SECURE_SOURCE_CODE


/* Include necessary system files.  */

#include "nx_secure_tls.h"

/**************************************************************************/
/*                                                                        */
/*  FUNCTION                                               RELEASE        */
/*                                                                        */
/*    _nx_secure_tls_session_protocol_version_override    PORTABLE C      */
/*                                                           6.1          */
/*  AUTHOR                                                                */
/*                                                                        */
/*    Timothy Stapko, Microsoft Corporation                               */
/*                                                                        */
/*  DESCRIPTION                                                           */
/*                                                                        */
/*    This function overrides the TLS protocol version to use for the TLS */
/*    session. This allows for a different version of TLS to be utilized  */
/*    even if a newer version is enabled. For example, to use TLSv1.0 for */
/*    a specific host but use TLSv1.2 for all other hosts.                */
/*                                                                        */
/*    Requesting TLS 1.3 succeeds only when the session reports TLS 1.3   */
/*    support; the override is then stored as TLS 1.2, the value TLS 1.3  */
/*    carries in its legacy version field. Any other value is stored as   */
/*    given; in TLS 1.3 builds that path also clears the session's TLS    */
/*    1.3 flag and sets the renegotiation flag, the latter unless         */
/*    NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION is defined.              */
/*                                                                        */
/*  NOTES                                                                 */
/*                                                                        */
/*    Neither argument is validated here: the session pointer is          */
/*    dereferenced without a NULL check and any version value other       */
/*    than TLS 1.3 is accepted as is. Pinning a session below TLS 1.2     */
/*    is a protocol downgrade (TLS 1.0 and 1.1 are deprecated by RFC      */
/*    8996), so scope such an override to the peers that need it.         */
/*                                                                        */
/*  INPUT                                                                 */
/*                                                                        */
/*    tls_session                           Pointer to TLS Session        */
/*    protocol_version                      Version of TLS to use         */
/*                                                                        */
/*  OUTPUT                                                                */
/*                                                                        */
/*    status                                Completion status             */
/*    NX_SUCCESS                            Override stored               */
/*    NX_SECURE_TLS_UNSUPPORTED_TLS_VERSION TLS 1.3 requested on a        */
/*                                            session without 1.3 support */
/*                                                                        */
/*  CALLS                                                                 */
/*                                                                        */
/*    None                                                                */
/*                                                                        */
/*  CALLED BY                                                             */
/*                                                                        */
/*    Application Code                                                    */
/*                                                                        */
/*  RELEASE HISTORY                                                       */
/*                                                                        */
/*    DATE              NAME                      DESCRIPTION             */
/*                                                                        */
/*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
/*  09-30-2020     Timothy Stapko           Modified comment(s),          */
/*                                            fixed renegotiation bug,    */
/*                                            resulting in version 6.1    */
/*                                                                        */
/**************************************************************************/
UINT _nx_secure_tls_session_protocol_version_override(NX_SECURE_TLS_SESSION *tls_session,
                                                      USHORT protocol_version)
{
#if (NX_SECURE_TLS_TLS_1_3_ENABLED)

    /* A TLS 1.3 request is settled entirely inside this branch and never
       reaches the generic path below. */
    if (protocol_version == NX_SECURE_TLS_VERSION_TLS_1_3)
    {

        /* Refuse the request when the session does not report TLS 1.3 support. */
        if (!(tls_session -> nx_secure_tls_1_3_supported))
        {
            return(NX_SECURE_TLS_UNSUPPORTED_TLS_VERSION);
        }

        /* Set legacy version to TLS 1.2.
           NOTE(review): nx_secure_tls_1_3 is not touched here, so a flag cleared
           by an earlier override to an older version stays cleared - confirm
           whether callers are expected to switch back to TLS 1.3 this way. */
        tls_session -> nx_secure_tls_protocol_version_override = NX_SECURE_TLS_VERSION_TLS_1_2;
        return(NX_SUCCESS);
    }

    /* Any other version takes the session out of TLS 1.3 mode. */
    tls_session -> nx_secure_tls_1_3 = NX_FALSE;

#ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION

    /* The renegotiation flag is set whenever a pre-1.3 version is selected. */
    tls_session -> nx_secure_tls_renegotation_enabled = NX_TRUE;
#endif /* NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION */
#endif /* NX_SECURE_TLS_TLS_1_3_ENABLED */

    /* Record the requested version exactly as given; this function does not
       check it against any list of known or enabled versions. */
    tls_session -> nx_secure_tls_protocol_version_override = protocol_version;

    /* Return completion status.  */
    return(NX_SUCCESS);
}