mbedtls_ssl_config Struct Reference 
SSL/TLS configuration to be shared between mbedtls_ssl_context structures.  
#include <ssl.h>
const int * ciphersuite_list [4]
void(* f_dbg )(void *, int, const char *, int, const char *) — Callback for printing debug output.
void * p_dbg
int(* f_rng )(void *, unsigned char *, size_t) — Callback for getting (pseudo-)random numbers.
void * p_rng
int(* f_get_cache )(void *, mbedtls_ssl_session *) — Callback to retrieve a session from the cache.
int(* f_set_cache )(void *, const mbedtls_ssl_session *) — Callback to store a session into the cache.
void * p_cache
int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t) — Callback for setting cert according to SNI extension.
void * p_sni
int(* f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *) — Callback to customize X.509 certificate chain verification.
void * p_vrfy
int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t) — Callback to retrieve PSK key from identity.
void * p_psk
int(* f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t) — Callback to create & write a cookie for ClientHello verification.
int(* f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t) — Callback to verify validity of a ClientHello cookie.
void * p_cookie
int(* f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *) — Callback to create & write a session ticket.
int(* f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t) — Callback to parse a session ticket into a session structure.
void * p_ticket
int(* f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t) — Callback to export key block and master secret.
void * p_export_keys
const mbedtls_x509_crt_profile * cert_profile
mbedtls_ssl_key_cert * key_cert
mbedtls_x509_crt * ca_chain
mbedtls_x509_crl * ca_crl
const int * sig_hashes
const mbedtls_ecp_group_id * curve_list
mbedtls_mpi dhm_P
mbedtls_mpi dhm_G
unsigned char * psk
size_t psk_len
unsigned char * psk_identity
size_t psk_identity_len
const char ** alpn_list
uint32_t read_timeout
uint32_t hs_timeout_min
uint32_t hs_timeout_max
int renego_max_records
unsigned char renego_period [8]
unsigned int badmac_limit
unsigned int dhm_min_bitlen
unsigned char max_major_ver
unsigned char max_minor_ver
unsigned char min_major_ver
unsigned char min_minor_ver
unsigned int endpoint : 1
unsigned int transport : 1
unsigned int authmode : 2
unsigned int allow_legacy_renegotiation : 2
unsigned int arc4_disabled : 1
unsigned int mfl_code : 3
unsigned int encrypt_then_mac : 1
unsigned int extended_ms : 1
unsigned int anti_replay : 1
unsigned int cbc_record_splitting : 1
unsigned int disable_renegotiation : 1
unsigned int trunc_hmac : 1
unsigned int session_tickets : 1
unsigned int fallback : 1
Detailed Description 
SSL/TLS configuration to be shared between mbedtls_ssl_context structures. 
Definition at line 580  of file ssl.h .
Field Documentation 
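unsigned int allow_legacy_renegotiation : 2
MBEDTLS_LEGACY_XXX: the policy for peers that do not support secure renegotiation (the constants are defined as MBEDTLS_SSL_LEGACY_* in ssl.h).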
Definition at line 719  of file ssl.h .
 
 
const char ** alpn_list
ordered list of protocols
Definition at line 676  of file ssl.h .
 
 
unsigned int anti_replay : 1
detect and prevent replay? (DTLS record anti-replay)
Definition at line 733  of file ssl.h .
 
 
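unsigned int arc4_disabled : 1
blacklist RC4 ciphersuites? RC4 is prohibited in TLS by RFC 7465, so clearing this flag weakens the configuration.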
Definition at line 721  of file ssl.h .
 
 
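unsigned int authmode : 2
MBEDTLS_SSL_VERIFY_XXX: the peer certificate verification mode. Only MBEDTLS_SSL_VERIFY_REQUIRED aborts the handshake when verification fails; with MBEDTLS_SSL_VERIFY_OPTIONAL the application has to check mbedtls_ssl_get_verify_result() itself.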
Definition at line 717  of file ssl.h .
 
 
unsigned int badmac_limit
limit of records with a bad MAC (DTLS; 0 means no limit)
Definition at line 699  of file ssl.h .
 
 
mbedtls_x509_crt * ca_chain
trusted CAs
Definition at line 651  of file ssl.h .
 
 
mbedtls_x509_crl * ca_crl
CRLs of the trusted CAs
Definition at line 652  of file ssl.h .
 
 
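unsigned int cbc_record_splitting : 1
do CBC record splitting (1/n-1 splitting, the BEAST countermeasure for CBC ciphersuites in SSL 3.0 and TLS 1.0)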
Definition at line 736  of file ssl.h .
 
 
const mbedtls_x509_crt_profile * cert_profile
verification profile
Definition at line 649  of file ssl.h .
 
 
const int * ciphersuite_list [4]
allowed ciphersuites per version
Definition at line 588  of file ssl.h .
 
 
const mbedtls_ecp_group_id * curve_list
allowed curves
Definition at line 660  of file ssl.h .
 
 
mbedtls_mpi dhm_G
generator for DHM
Definition at line 665  of file ssl.h .
 
 
unsigned int dhm_min_bitlen
min. bit length of the DHM prime (the smallest server prime a client accepts)
Definition at line 703  of file ssl.h .
 
 
mbedtls_mpi dhm_P
prime modulus for DHM
Definition at line 664  of file ssl.h .
 
 
unsigned int disable_renegotiation : 1
disable renegotiation?
Definition at line 739  of file ssl.h .
 
 
unsigned int encrypt_then_mac : 1
negotiate encrypt-then-mac?
Definition at line 727  of file ssl.h .
 
 
unsigned int endpoint : 1
0: client, 1: server
Definition at line 715  of file ssl.h .
 
 
unsigned int extended_ms : 1
negotiate extended master secret?
Definition at line 730  of file ssl.h .
 
 
      
        
          int(* f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t) 
         
      
 
Callback to verify validity of a ClientHello cookie. 
Definition at line 627  of file ssl.h .
 
 
      
        
          int(* f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t) 
         
      
 
Callback to create & write a cookie for ClientHello verification.
Definition at line 624  of file ssl.h .
 
 
      
        
          void(* f_dbg )(void *, int, const char *, int, const char *) 
         
      
 
Callback for printing debug output. 
Definition at line 591  of file ssl.h .
 
 
      
        
          int(* f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t) 
         
      
 
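Callback to export key block and master secret. The exported material is enough to decrypt the session, so a callback that stores or logs it must protect it like a private key.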
Definition at line 643  of file ssl.h .
 
 
int(* f_get_cache )(void *, mbedtls_ssl_session *)
Callback to retrieve a session from the cache.
Definition at line 599  of file ssl.h .
 
 
      
        
          int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t) 
         
      
 
Callback to retrieve PSK key from identity. 
Definition at line 618  of file ssl.h .
 
 
      
        
          int(* f_rng )(void *, unsigned char *, size_t) 
         
      
 
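Callback for getting (pseudo-)random numbers. This must be a cryptographically secure generator (such as mbedtls_ctr_drbg_random with a seeded context), because handshake randoms and ephemeral keys are drawn from it.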
Definition at line 595  of file ssl.h .
 
 
      
        
          int(* f_set_cache )(void *, const mbedtls_ssl_session *) 
         
      
 
Callback to store a session into the cache. 
Definition at line 601  of file ssl.h .
 
 
      
        
          int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t) 
         
      
 
Callback for setting cert according to SNI extension. 
Definition at line 606  of file ssl.h .
 
 
      
        
          int(* f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t) 
         
      
 
Callback to parse a session ticket into a session structure. 
Definition at line 637  of file ssl.h .
 
 
      
        
          int(* f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *) 
         
      
 
Callback to create & write a session ticket. 
Definition at line 634  of file ssl.h .
 
 
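int(* f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *)
Callback to customize X.509 certificate chain verification. The callback receives the verification flags through the uint32_t * argument and may clear them, so it can accept a certificate that the library rejected.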
Definition at line 612  of file ssl.h .
 
 
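unsigned int fallback : 1
is this a fallback? (set on a client that retries with a lower protocol version, so that it sends the TLS_FALLBACK_SCSV signal of RFC 7507)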
Definition at line 748  of file ssl.h .
 
 
uint32_t hs_timeout_max
maximum value of the handshake retransmission timeout (ms)
Definition at line 688  of file ssl.h .
 
 
uint32_t hs_timeout_min
initial value of the handshake retransmission timeout (ms)
Definition at line 686  of file ssl.h .
 
 
mbedtls_ssl_key_cert * key_cert
own certificate/key pair(s)
Definition at line 650  of file ssl.h .
 
 
unsigned char max_major_ver
max. major version used
Definition at line 706  of file ssl.h .
 
 
unsigned char max_minor_ver
max. minor version used
Definition at line 707  of file ssl.h .
 
 
unsigned int mfl_code : 3
desired fragment length
Definition at line 724  of file ssl.h .
 
 
unsigned char min_major_ver
min. major version used
Definition at line 708  of file ssl.h .
 
 
unsigned char min_minor_ver
min. minor version used
Definition at line 709  of file ssl.h .
 
 
void * p_cache
context for cache callbacks
Definition at line 602  of file ssl.h .
 
 
void * p_cookie
context for the cookie callbacks
Definition at line 629  of file ssl.h .
 
 
void * p_dbg
context for the debug function
Definition at line 592  of file ssl.h .
 
 
void * p_export_keys
context for key export callback
Definition at line 645  of file ssl.h .
 
 
void * p_psk
context for PSK callback
Definition at line 619  of file ssl.h .
 
 
void * p_rng
context for the RNG function
Definition at line 596  of file ssl.h .
 
 
void * p_sni
context for SNI callback
Definition at line 607  of file ssl.h .
 
 
void * p_ticket
context for the ticket callbacks
Definition at line 638  of file ssl.h .
 
 
void * p_vrfy
context for X.509 verify callback
Definition at line 613  of file ssl.h .
 
 
unsigned char * psk
pre-shared key
Definition at line 669  of file ssl.h .
 
 
unsigned char * psk_identity
identity for PSK negotiation
Definition at line 671  of file ssl.h .
 
 
size_t psk_identity_len
length of identity
Definition at line 672  of file ssl.h .
 
 
size_t psk_len
length of the pre-shared key
Definition at line 670  of file ssl.h .
 
 
uint32_t read_timeout
timeout for mbedtls_ssl_read (ms)
Definition at line 683  of file ssl.h .
 
 
int renego_max_records
grace period for renegotiation
Definition at line 693  of file ssl.h .
 
 
unsigned char renego_period [8]
value of the record counters that triggers renegotiation
Definition at line 694  of file ssl.h .
 
 
unsigned int session_tickets : 1
use session tickets?
Definition at line 745  of file ssl.h .
 
 
const int * sig_hashes
allowed signature hashes
Definition at line 656  of file ssl.h .
 
 
unsigned int transport : 1
stream (TLS) or datagram (DTLS)
Definition at line 716  of file ssl.h .
 
 
unsigned int trunc_hmac : 1
negotiate truncated hmac?
Definition at line 742  of file ssl.h .