From 81cb1f9c83c9eafdd3ff927542652cdba56adc82 Mon Sep 17 00:00:00 2001
From: paul-szczepanek-arm
 <33840200+paul-szczepanek-arm@users.noreply.github.com>
Date: Thu, 22 Mar 2018 17:11:15 +0000
Subject: [PATCH 1/2] enable encryption for slave request added

---
 .../source/generic/GenericSecurityManager.cpp | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
index 95b15269b1..e773190e4c 100644
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@@ -853,16 +853,23 @@ void GenericSecurityManager::on_slave_security_request(
         return;
     }
 
-    if (authentication.get_secure_connections()
-        && _default_authentication.get_secure_connections()
-        && !cb->secure_connections_paired) {
-        requestPairing(connection);
+    bool pairing_required = false;
+
+    if (authentication.get_secure_connections() && !cb->secure_connections_paired
+        && _default_authentication.get_secure_connections()) {
+        pairing_required = true;
     }
 
-    if (authentication.get_mitm()
-        && !cb->ltk_mitm_protected) {
+    if (authentication.get_mitm() && !cb->ltk_mitm_protected) {
+        pairing_required = true;
         cb->mitm_requested = true;
+    }
+
+    if (pairing_required) {
         requestPairing(connection);
+    } else {
+        /* this will refresh keys if encryption is already present */
+        enable_encryption(connection);
     }
 }
 

From 6833c79fb301ab3bdab22b555c1fb56d54ff5a69 Mon Sep 17 00:00:00 2001
From: paul-szczepanek-arm
 <33840200+paul-szczepanek-arm@users.noreply.github.com>
Date: Thu, 22 Mar 2018 17:54:13 +0000
Subject: [PATCH 2/2] don't request encrypt when pending

---
 features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
index e773190e4c..69f0306e5e 100644
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@@ -867,7 +867,7 @@ void GenericSecurityManager::on_slave_security_request(
 
     if (pairing_required) {
         requestPairing(connection);
-    } else {
+    } else if (!cb->encryption_requested) {
         /* this will refresh keys if encryption is already present */
         enable_encryption(connection);
     }