[mbedTLS] Enable TLS 1.3 negotiation by default

Fabio Alessandrelli 2025-02-24 14:04:09 +01:00
parent af0bc17c4f
commit fe84b84b51
5 changed files with 33 additions and 7 deletions


@ -52,7 +52,7 @@ void initialize_mbedtls_module(ModuleInitializationLevel p_level) {
return;
}
GLOBAL_DEF("network/tls/enable_tls_v1.3", false);
GLOBAL_DEF("network/tls/enable_tls_v1.3", true);
#if MBEDTLS_VERSION_MAJOR >= 3
int status = psa_crypto_init();
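Review bot: With the default now `true`, the `GLOBAL_DEF` still sits above the `#if MBEDTLS_VERSION_MAJOR >= 3` guard, so a build against an older mbedTLS would register and display the setting as enabled even though the code that honours it (the TLS context init paths, as far as this commit shows) is compiled only for major version 3 and up. Someone auditing the project configuration could then conclude that TLS 1.3 is on offer when it is not. Consider moving the definition under the guard, or documenting the limitation where it is defined, e.g. `// Only honoured when built with mbedTLS >= 3; older builds ignore this setting.` initialize_mbedtls_module starts and continues outside the hunk.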


@ -32,6 +32,10 @@
#include "core/config/project_settings.h"
#ifdef TOOLS_ENABLED
#include "editor/editor_settings.h"
#endif // TOOLS_ENABLED
static void my_debug(void *ctx, int level,
const char *file, int line,
const char *str) {
@ -148,8 +152,17 @@ Error TLSContextMbedTLS::init_server(int p_transport, Ref<TLSOptions> p_options,
}
#if MBEDTLS_VERSION_MAJOR >= 3
if (Engine::get_singleton()->is_editor_hint() || !(bool)GLOBAL_GET("network/tls/enable_tls_v1.3")) {
mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
#ifdef TOOLS_ENABLED
if (Engine::get_singleton()->is_editor_hint()) {
if (!EditorSettings::get_singleton()->get_setting("network/tls/enable_tls_v1.3").operator bool()) {
mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
}
} else
#endif
{
if (!GLOBAL_GET("network/tls/enable_tls_v1.3").operator bool()) {
mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
}
}
#endif
@ -197,8 +210,17 @@ Error TLSContextMbedTLS::init_client(int p_transport, const String &p_hostname,
}
#if MBEDTLS_VERSION_MAJOR >= 3
if (Engine::get_singleton()->is_editor_hint() || !(bool)GLOBAL_GET("network/tls/enable_tls_v1.3")) {
mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
#ifdef TOOLS_ENABLED
if (Engine::get_singleton()->is_editor_hint()) {
if (!EditorSettings::get_singleton()->get_setting("network/tls/enable_tls_v1.3").operator bool()) {
mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
}
} else
#endif
{
if (!GLOBAL_GET("network/tls/enable_tls_v1.3").operator bool()) {
mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
}
}
#endif
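Review bot: The editor branch in init_server dereferences `EditorSettings::get_singleton()` without a null check; if is_editor_hint() can be true while that singleton has not been created yet (not determinable from this hunk), TLS context setup would crash instead of falling back. A guarded form keeps the previous editor behaviour of capping at TLS 1.2 whenever the setting cannot be read: `EditorSettings *es = EditorSettings::get_singleton();` followed by `if (!es || !es->get_setting("network/tls/enable_tls_v1.3").operator bool()) {`. The same applies to the identical block in the init_client hunk, and since the two blocks are copies, a small static helper that takes the config would keep the version cap from drifting between server and client. Both functions start and end outside the hunks.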