/***************************************************************************
 * Copyright (c) 2024 Microsoft Corporation
 *
 * This program and the accompanying materials are made available under the
 * terms of the MIT License which is available at
 * https://opensource.org/licenses/MIT.
 *
 * SPDX-License-Identifier: MIT
 **************************************************************************/


/**************************************************************************/
/**************************************************************************/
/**                                                                       */
/** NetX Secure Component                                                 */
/**                                                                       */
/**    Transport Layer Security (TLS)                                     */
/**                                                                       */
/**************************************************************************/
/**************************************************************************/

#define NX_SECURE_SOURCE_CODE


/* Include necessary system files.  */

#include "nx_secure_tls.h"

/**************************************************************************/
/*                                                                        */
/*  FUNCTION                                               RELEASE        */
/*                                                                        */
/*    _nx_secure_tls_session_protocol_version_override    PORTABLE C      */
/*                                                           6.1          */
/*  AUTHOR                                                                */
/*                                                                        */
/*    Timothy Stapko, Microsoft Corporation                               */
/*                                                                        */
/*  DESCRIPTION                                                           */
/*                                                                        */
/*    Pins the TLS protocol version used by this TLS session, in place of */
/*    the newest version that is enabled. For example, an application can */
/*    use TLSv1.0 for one specific host and TLSv1.2 for all other hosts.  */
/*                                                                        */
/*    When NX_SECURE_TLS_TLS_1_3_ENABLED is set: a request for TLS 1.3 is */
/*    accepted only if the session reports TLS 1.3 support, and the       */
/*    override is then stored as the TLS 1.2 legacy version. Any other    */
/*    value is stored unchanged, TLS 1.3 is turned off for the session,   */
/*    and renegotiation is enabled unless                                 */
/*    NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION is defined.              */
/*                                                                        */
/*    Without NX_SECURE_TLS_TLS_1_3_ENABLED the value is only stored.     */
/*                                                                        */
/*  SECURITY NOTES                                                        */
/*                                                                        */
/*    This call can lower the protocol version of a session. TLS 1.0 and  */
/*    TLS 1.1 are deprecated (RFC 8996); pin to them only for legacy      */
/*    peers that cannot be upgraded.                                      */
/*                                                                        */
/*    Neither argument is validated here: tls_session is dereferenced     */
/*    without an NX_NULL check and protocol_version is not compared with  */
/*    the versions this build supports. NOTE(review): presumably the      */
/*    caller-facing layer performs those checks; confirm.                 */
/*                                                                        */
/*  INPUT                                                                 */
/*                                                                        */
/*    tls_session                           Pointer to TLS Session        */
/*    protocol_version                      Version of TLS to use         */
/*                                                                        */
/*  OUTPUT                                                                */
/*                                                                        */
/*    status                                Completion status             */
/*      NX_SUCCESS                          Override recorded             */
/*      NX_SECURE_TLS_UNSUPPORTED_TLS_VERSION TLS 1.3 not supported       */
/*                                                                        */
/*  CALLS                                                                 */
/*                                                                        */
/*    None                                                                */
/*                                                                        */
/*  CALLED BY                                                             */
/*                                                                        */
/*    Application Code                                                    */
/*                                                                        */
/*  RELEASE HISTORY                                                       */
/*                                                                        */
/*    DATE              NAME                      DESCRIPTION             */
/*                                                                        */
/*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
/*  09-30-2020     Timothy Stapko           Modified comment(s),          */
/*                                            fixed renegotiation bug,    */
/*                                            resulting in version 6.1    */
/*                                                                        */
/**************************************************************************/
UINT _nx_secure_tls_session_protocol_version_override(NX_SECURE_TLS_SESSION *tls_session,
                                                      USHORT protocol_version)
{
#if (NX_SECURE_TLS_TLS_1_3_ENABLED)

    /* TLS 1.3 is handled on its own path: the override field receives the
       legacy version instead of the value the caller passed. */
    if (protocol_version == NX_SECURE_TLS_VERSION_TLS_1_3)
    {

        /* Refuse the request when the session does not report TLS 1.3 support. */
        if (!(tls_session -> nx_secure_tls_1_3_supported))
        {
            return(NX_SECURE_TLS_UNSUPPORTED_TLS_VERSION);
        }

        /* Set legacy version to TLS 1.2.
           NOTE(review): nx_secure_tls_1_3 is not written on this path, so a flag
           cleared by an earlier non-1.3 override stays cleared - confirm that
           this is intended. */
        tls_session -> nx_secure_tls_protocol_version_override = NX_SECURE_TLS_VERSION_TLS_1_2;
        return(NX_SUCCESS);
    }
#endif /* NX_SECURE_TLS_TLS_1_3_ENABLED */

    /* Record the requested version exactly as passed in; it is not checked
       against the versions this build supports. */
    tls_session -> nx_secure_tls_protocol_version_override = protocol_version;

#if (NX_SECURE_TLS_TLS_1_3_ENABLED)

    /* A non-1.3 override turns TLS 1.3 off for this session. */
    tls_session -> nx_secure_tls_1_3 = NX_FALSE;

#ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION

    /* Renegotiation is switched on together with the non-1.3 override. */
    tls_session -> nx_secure_tls_renegotation_enabled = NX_TRUE;
#endif /* NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION */
#endif /* NX_SECURE_TLS_TLS_1_3_ENABLED */

    /* Return completion status.  */
    return(NX_SUCCESS);
}