« Back to documentation index
mbedtls_ssl_config Struct Reference
SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
More...
#include <ssl.h >
Data Fields
const int * ciphersuite_list [4]
void(* f_dbg )(void *, int, const char *, int, const char *)
Callback for printing debug output.
void * p_dbg
int(* f_rng )(void *, unsigned char *, size_t)
Callback for getting (pseudo-)random numbers.
void * p_rng
int(* f_get_cache )(void *, mbedtls_ssl_session *)
Callback to retrieve a session from the cache.
int(* f_set_cache )(void *, const mbedtls_ssl_session *)
Callback to store a session into the cache.
void * p_cache
int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback for setting cert according to SNI extension.
void * p_sni
int(* f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *)
Callback to customize X.509 certificate chain verification.
void * p_vrfy
int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback to retrieve PSK key from identity.
void * p_psk
int(* f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)
Callback to create & write a cookie for ClientHello veirifcation.
int(* f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t)
Callback to verify validity of a ClientHello cookie.
void * p_cookie
int(* f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)
Callback to create & write a session ticket.
int(* f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t)
Callback to parse a session ticket into a session structure.
void * p_ticket
int(* f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t)
Callback to export key block and master secret.
void * p_export_keys
const mbedtls_x509_crt_profile * cert_profile
mbedtls_ssl_key_cert * key_cert
mbedtls_x509_crt * ca_chain
mbedtls_x509_crl * ca_crl
const int * sig_hashes
const mbedtls_ecp_group_id * curve_list
mbedtls_mpi dhm_P
mbedtls_mpi dhm_G
unsigned char * psk
size_t psk_len
unsigned char * psk_identity
size_t psk_identity_len
const char ** alpn_list
uint32_t read_timeout
uint32_t hs_timeout_min
uint32_t hs_timeout_max
int renego_max_records
unsigned char renego_period [8]
unsigned int badmac_limit
unsigned int dhm_min_bitlen
unsigned char max_major_ver
unsigned char max_minor_ver
unsigned char min_major_ver
unsigned char min_minor_ver
unsigned int endpoint : 1
unsigned int transport : 1
unsigned int authmode : 2
unsigned int allow_legacy_renegotiation : 2
unsigned int arc4_disabled : 1
unsigned int mfl_code : 3
unsigned int encrypt_then_mac : 1
unsigned int extended_ms : 1
unsigned int anti_replay : 1
unsigned int cbc_record_splitting : 1
unsigned int disable_renegotiation : 1
unsigned int trunc_hmac : 1
unsigned int session_tickets : 1
unsigned int fallback : 1
unsigned int cert_req_ca_list : 1
Detailed Description
SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
Definition at line 597 of file ssl.h .
Field Documentation
MBEDTLS_LEGACY_XXX
Definition at line 744 of file ssl.h .
ordered list of protocols
Definition at line 701 of file ssl.h .
detect and prevent replay?
Definition at line 758 of file ssl.h .
blacklist RC4 ciphersuites?
Definition at line 746 of file ssl.h .
MBEDTLS_SSL_VERIFY_XXX
Definition at line 742 of file ssl.h .
limit of records with a bad MAC
Definition at line 724 of file ssl.h .
trusted CAs
Definition at line 668 of file ssl.h .
trusted CAs CRLs
Definition at line 669 of file ssl.h .
do cbc record splitting
Definition at line 761 of file ssl.h .
verification profile
Definition at line 666 of file ssl.h .
enable sending CA list in Certificate Request messages?
Definition at line 776 of file ssl.h .
allowed ciphersuites per version
Definition at line 605 of file ssl.h .
allowed curves
Definition at line 677 of file ssl.h .
generator for DHM
Definition at line 682 of file ssl.h .
min. bit length of the DHM prime
Definition at line 728 of file ssl.h .
prime modulus for DHM
Definition at line 681 of file ssl.h .
disable renegotiation?
Definition at line 764 of file ssl.h .
negotiate encrypt-then-mac?
Definition at line 752 of file ssl.h .
0: client, 1: server
Definition at line 740 of file ssl.h .
negotiate extended master secret?
Definition at line 755 of file ssl.h .
int(* f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t)
Callback to verify validity of a ClientHello cookie.
Definition at line 644 of file ssl.h .
int(* f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)
Callback to create & write a cookie for ClientHello veirifcation.
Definition at line 641 of file ssl.h .
void(* f_dbg )(void *, int, const char *, int, const char *)
Callback for printing debug output.
Definition at line 608 of file ssl.h .
int(* f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t)
Callback to export key block and master secret.
Definition at line 660 of file ssl.h .
Callback to retrieve a session from the cache.
Definition at line 616 of file ssl.h .
int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback to retrieve PSK key from identity.
Definition at line 635 of file ssl.h .
int(* f_rng )(void *, unsigned char *, size_t)
Callback for getting (pseudo-)random numbers.
Definition at line 612 of file ssl.h .
int(* f_set_cache )(void *, const mbedtls_ssl_session *)
Callback to store a session into the cache.
Definition at line 618 of file ssl.h .
int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback for setting cert according to SNI extension.
Definition at line 623 of file ssl.h .
int(* f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t)
Callback to parse a session ticket into a session structure.
Definition at line 654 of file ssl.h .
int(* f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)
Callback to create & write a session ticket.
Definition at line 651 of file ssl.h .
Callback to customize X.509 certificate chain verification.
Definition at line 629 of file ssl.h .
is this a fallback?
Definition at line 773 of file ssl.h .
maximum value of the handshake retransmission timeout (ms)
Definition at line 713 of file ssl.h .
initial value of the handshake retransmission timeout (ms)
Definition at line 711 of file ssl.h .
own certificate/key pair(s)
Definition at line 667 of file ssl.h .
max. major version used
Definition at line 731 of file ssl.h .
max. minor version used
Definition at line 732 of file ssl.h .
desired fragment length
Definition at line 749 of file ssl.h .
min. major version used
Definition at line 733 of file ssl.h .
min. minor version used
Definition at line 734 of file ssl.h .
context for cache callbacks
Definition at line 619 of file ssl.h .
context for the cookie callbacks
Definition at line 646 of file ssl.h .
context for the debug function
Definition at line 609 of file ssl.h .
context for key export callback
Definition at line 662 of file ssl.h .
context for PSK callback
Definition at line 636 of file ssl.h .
context for the RNG function
Definition at line 613 of file ssl.h .
context for SNI callback
Definition at line 624 of file ssl.h .
context for the ticket callbacks
Definition at line 655 of file ssl.h .
context for X.509 verify calllback
Definition at line 630 of file ssl.h .
timeout for mbedtls_ssl_read (ms)
Definition at line 708 of file ssl.h .
grace period for renegotiation
Definition at line 718 of file ssl.h .
value of the record counters that triggers renegotiation
Definition at line 719 of file ssl.h .
use session tickets?
Definition at line 770 of file ssl.h .
allowed signature hashes
Definition at line 673 of file ssl.h .
stream (TLS) or datagram (DTLS)
Definition at line 741 of file ssl.h .
negotiate truncated hmac?
Definition at line 767 of file ssl.h .