I tried to make the following changes.
The server returned "TLS_RSA_WITH_AES_128_CBC_SHA" which I wanted.
Is this modification the right method ?
1.Changed definition "MBEDTLS_SSL_CIPHERSUITES" to MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA .
2 of 2 people found this helpful
When the TLS client sends a client hello to the server, it basically presents the cipher suites listed in MBEDTLS_SSL_CIPHERSUITES. The server would select a cipher suite which contains the strongest security but is also compatible with the server. By modifying it to include only MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, this will force the server to select this cipher suite after server hello. This modification is fine if you only want to test a particular cipher suite. We will not recommend this approach for production as this is not scalable.
Dear Gaurav san,
Thank you for your advice.
>This modification is fine if you only want to test a particular cipher suite.
>We will not recommend this approach for production as this is not scalable.
I understand it.