Merge pull request #5230 from ronald-cron-arm/tls13_ccs_client

Add initial support for "Middlebox Compatibility Mode"

include/mbedtls/mbedtls_config.h

@@ -1505,6 +1505,28 @@
  */
 //#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
 
+/**
+ * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+ *
+ * Enable TLS 1.3 middlebox compatibility mode.
+ *
+ * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
+ * mode to make a TLS 1.3 connection more likely to pass through middle boxes
+ * expecting TLS 1.2 traffic.
+ *
+ * Turning on the compatibility mode comes at the cost of a few added bytes
+ * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
+ * that don't use it. Therefore, unless transmission bandwidth is critical and
+ * you know that middlebox compatibility issues won't occur, it is therefore
+ * recommended to set this option.
+ *
+ * Comment to disable compatibility mode for TLS 1.3. If
+ * MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL is not enabled, this option does not
+ * have any effect on the build.
+ *
+ */
+//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+
 /**
  * \def MBEDTLS_SSL_PROTO_DTLS
  *

include/mbedtls/ssl.h

@@ -641,6 +641,9 @@ typedef enum
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
     MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
     MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+    MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED,
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 }
 mbedtls_ssl_states;