feat(esp_tls): supports setting tls version and ciphersuite in server config

Closes https://github.com/espressif/esp-idf/issues/17660

components/esp_https_server/include/esp_https_server.h

@@ -141,6 +141,15 @@ struct httpd_ssl_config {
 
     /** TLS handshake timeout in milliseconds, default timeout is 10 seconds if not set */
     uint32_t tls_handshake_timeout_ms;
+
+    /** TLS protocol version for this server, e.g., TLS 1.2, TLS 1.3
+     *  (default - no preference). Enables per-server TLS version control. */
+    esp_tls_proto_ver_t tls_version;
+
+    /** Pointer to a zero-terminated array of IANA identifiers of TLS ciphersuites.
+     *  Please check the list validity by esp_tls_get_ciphersuites_list() API.
+     *  This allows per-server cipher suite configuration. */
+    const int *ciphersuites_list;
 };
 
 typedef struct httpd_ssl_config httpd_ssl_config_t;
@@ -203,7 +212,9 @@ typedef struct httpd_ssl_config httpd_ssl_config_t;
     .ssl_userdata = NULL,                         \
     .cert_select_cb = NULL,                       \
     .alpn_protos = NULL,                          \
-    .tls_handshake_timeout_ms = 0                 \
+    .tls_handshake_timeout_ms = 0,                \
+    .tls_version = ESP_TLS_VER_ANY,               \
+    .ciphersuites_list = NULL,                    \
 }
 
 /**

components/esp_https_server/src/https_server.c

@@ -279,6 +279,9 @@ static esp_err_t create_secure_context(const struct httpd_ssl_config *config, ht
     cfg->alpn_protos = config->alpn_protos;
     cfg->tls_handshake_timeout_ms = config->tls_handshake_timeout_ms;
 
+    cfg->tls_version = config->tls_version;
+    cfg->ciphersuites_list = config->ciphersuites_list;
+
 #if defined(CONFIG_ESP_HTTPS_SERVER_CERT_SELECT_HOOK)
     cfg->cert_select_cb = config->cert_select_cb;
 #endif