From 3b35455a69aedfdd82894bca6da61e82719f2ae1 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 8 Mar 2023 15:59:41 +0100
Subject: [PATCH] tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration

Signed-off-by: Ronald Cron
---
 library/ssl_tls.c | 6 ------
 tests/suites/test_suite_ssl.data | 8 ++++----
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 811d63d09..fd16b44d6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1325,12 +1325,6 @@ static int ssl_conf_version_check(const mbedtls_ssl_context *ssl)
 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 }
 
- if (conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("TLS 1.3 server is not supported yet."));
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- }
-
-
 MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is TLS 1.3 or TLS 1.2."));
 return 0;
 }
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 9ff2be1dc..ce8ccaa6d 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3459,9 +3459,9 @@ Version config: unsupported client hybrid DTLS 1.2/3
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
 conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
 
-Version config: unsupported server hybrid TLS 1.2/3
+Version config: valid server hybrid TLS 1.2/3
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:0
 
 Version config: unsupported server hybrid DTLS 1.2/3
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
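Review bot: The `valid server hybrid TLS 1.2/3` case now expecting `0` only shows that the version check accepts the configuration; nothing visible in this patch exercises a handshake against a server configured this way. Since the guard removed from `ssl_conf_version_check` was what rejected this configuration, I would want handshake coverage alongside it: a TLS 1.2-only client and a TLS 1.3 client each negotiating the expected version, and a check that the server sets the downgrade marker in `ServerHello.random` (RFC 8446, section 4.1.3) when it falls back to TLS 1.2. Such tests may already exist elsewhere in the series; if so, naming them in the commit message, e.g. `Handshake coverage: <test names>`, would let a reader confirm that.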
@@ -3475,7 +3475,7 @@ Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.2
 depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
 conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
 
-Version config: unsupported server hybrid TLS 1.2/3, no TLS 1.2
+Version config: valid server hybrid TLS 1.2/3, no TLS 1.2
 depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
 conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
 
@@ -3491,7 +3491,7 @@ Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.3
 depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
 conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
 
-Version config: unsupported server hybrid TLS 1.2/3, no TLS 1.3
+Version config: valid server hybrid TLS 1.2/3, no TLS 1.3
 depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
 conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
 
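Review bot: The renamed case `Version config: valid server hybrid TLS 1.2/3, no TLS 1.2` still expects `MBEDTLS_ERR_SSL_BAD_CONFIG`, so its title now says the opposite of what it asserts; the `no TLS 1.3` case in the following hunk has the same mismatch. Both cases depend on one protocol version being compiled out (`depends_on:!MBEDTLS_SSL_PROTO_TLS1_2` and `!MBEDTLS_SSL_PROTO_TLS1_3`), and the hybrid range is then rejected, so a title such as `Version config: invalid server hybrid TLS 1.2/3, no TLS 1.2` would match the expected result. If "valid" follows a naming convention used by the client cases, which are not visible in these hunks, a short `#` comment above the case explaining that it is only valid in a full build would avoid a misleading failure report.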