Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use only a specified cipher suite #50

Merged
merged 2 commits into from
Jul 10, 2024
Merged

Use only a specified cipher suite #50

merged 2 commits into from
Jul 10, 2024

Conversation

AniruddhaKanhere
Copy link
Member

@AniruddhaKanhere AniruddhaKanhere commented Jul 9, 2024
edited
Loading

Description

This PR modifies the code so that only one cipher suite is chosen for SSL connection. namely - MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

Test Steps

Checklist:

  • I have tested my changes. No regression in existing tests.
  • I have modified and/or added unit-tests to cover the code changes in this Pull Request.

Related Issue

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@AniruddhaKanhere AniruddhaKanhere requested a review from a team as a code owner July 9, 2024 21:30
@kstribrnAmzn
Copy link
Member

Why do we want to force this to only use one cipher suite?

@AniruddhaKanhere
Copy link
Member Author

Why do we want to force this to only use one cipher suite?

This restricts the scope of the certification. mbedTLS supports around 200 cipher suites. But, to limit the scope of the certification, we have chosen to use only this cipher suite as it is widely used by web browsers and provides best of both worlds - computation complexity and security.

joshzarr
joshzarr reviewed Jul 9, 2024
View reviewed changes
.DS_Store Show resolved Hide resolved
joshzarr
joshzarr approved these changes Jul 9, 2024
View reviewed changes
Copy link
Member

@joshzarr joshzarr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved with removing the unnecessary DS_Store file

@AniruddhaKanhere AniruddhaKanhere merged commit eb22b58 into FreeRTOS:FreeRTOS-SESIP Jul 10, 2024
1 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshzarr joshzarr joshzarr approved these changes

@kstribrnAmzn kstribrnAmzn kstribrnAmzn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AniruddhaKanhere @kstribrnAmzn @joshzarr