commit 177e49ad7a2e1827089ff28484b985068a626985
author Yanray Wang <yanray.wang@arm.com> Fri Dec 08 10:51:04 2023 +0800
committer Yanray Wang <yanray.wang@arm.com> Fri Dec 08 11:00:33 2023 +0800
tree 9850ee0240fc49762b52432427092842d4f12133
parent 408ba6f7b8cdd8180972e2ed2af8fad234a36416

tls13: srv: improve DEBUG_MSG in case of TLS 1.2 disabled

Signed-off-by: Yanray Wang <yanray.wang@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index eb0b528..52d2db6 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1923,7 +1923,7 @@
         /* Check if server supports TLS 1.2 */
         if (!mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) {
             MBEDTLS_SSL_DEBUG_MSG(
-                1, ("Unsupported version of TLS 1.2 was received"));
+                1, ("TLS 1.2 not supported."));
             MBEDTLS_SSL_PEND_FATAL_ALERT(
                 MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
                 MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e67cf02..764fb4a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -11626,8 +11626,7 @@
          -c "supported_versions(43) extension does not exist."      \
          -c "A fatal alert message was received from our peer"      \
          -s "The SSL configuration is tls13 only"                   \
-         -s "Unsupported version of TLS 1.2 was received"           \
-         -s "! mbedtls_ssl_handshake returned"
+         -s "TLS 1.2 not supported."
 
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_DEBUG_C