|
@@ -159,15 +159,17 @@ __ustream_ssl_context_new(bool server)
|
|
|
|
|
|
mbedtls_ssl_config_defaults(conf, ep, MBEDTLS_SSL_TRANSPORT_STREAM,
|
|
|
MBEDTLS_SSL_PRESET_DEFAULT);
|
|
|
- mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE);
|
|
|
mbedtls_ssl_conf_rng(conf, _urandom, NULL);
|
|
|
|
|
|
if (server) {
|
|
|
+ mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE);
|
|
|
mbedtls_ssl_conf_ciphersuites(conf, default_ciphersuites_server);
|
|
|
mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3,
|
|
|
MBEDTLS_SSL_MINOR_VERSION_3);
|
|
|
- } else
|
|
|
+ } else {
|
|
|
+ mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
|
|
|
mbedtls_ssl_conf_ciphersuites(conf, default_ciphersuites_client);
|
|
|
+ }
|
|
|
|
|
|
#if defined(MBEDTLS_SSL_CACHE_C)
|
|
|
mbedtls_ssl_conf_session_cache(conf, &ctx->cache,
|