Disable truncated HMAC by default

ChangeLog

@@ -85,6 +85,7 @@ Default behavior changes
      enabled in the default configuration, this is only noticeable if using a
      custom config.h
    * Default DHM parameters server-side upgraded from 1024 to 2048 bits.
+   * Negotiation of truncated HMAC is now disabled by default on server too.
 
 Reauirement changes
    * The minimum MSVC version required is now 2010 (better C99 support).

include/mbedtls/ssl.h

@@ -1863,8 +1863,7 @@ int mbedtls_ssl_set_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_co
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
 /**
  * \brief          Activate negotiation of truncated HMAC
- *                 (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED on client,
- *                           MBEDTLS_SSL_TRUNC_HMAC_ENABLED on server.)
+ *                 (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
  *
  * \param conf     SSL configuration
  * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or

library/ssl_tls.c

@@ -6618,11 +6618,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
     }
 #endif
 
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-    if( endpoint == MBEDTLS_SSL_IS_SERVER )
-        conf->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
-#endif
-
     conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
     conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
     conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =

tests/ssl-opt.sh

@@ -626,8 +626,8 @@ run_test    "Truncated HMAC: client enabled, server default" \
             "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
              trunc_hmac=1" \
             0 \
-            -S "dumping 'computed mac' (20 bytes)" \
-            -s "dumping 'computed mac' (10 bytes)"
+            -s "dumping 'computed mac' (20 bytes)" \
+            -S "dumping 'computed mac' (10 bytes)"
 
 run_test    "Truncated HMAC: client enabled, server disabled" \
             "$P_SRV debug_level=4 trunc_hmac=0" \