« Back to documentation index
mbedtls_ssl_config Struct Reference
SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
More...
#include <ssl.h >
const int * ciphersuite_list [4]void(* f_dbg )(void *, int, const char *, int, const char *) Callback for printing debug output. void * p_dbg int(* f_rng )(void *, unsigned char *, size_t) Callback for getting (pseudo-)random numbers. void * p_rng int(* f_get_cache )(void *, mbedtls_ssl_session *) Callback to retrieve a session from the cache. int(* f_set_cache )(void *, const mbedtls_ssl_session *) Callback to store a session into the cache. void * p_cache int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t) Callback for setting cert according to SNI extension. void * p_sni int(* f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *) Callback to customize X.509 certificate chain verification. void * p_vrfy int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t) Callback to retrieve PSK key from identity. void * p_psk int(* f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t) Callback to create & write a cookie for ClientHello veirifcation. int(* f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t) Callback to verify validity of a ClientHello cookie. void * p_cookie int(* f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *) Callback to create & write a session ticket. int(* f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t) Callback to parse a session ticket into a session structure. void * p_ticket int(* f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t) Callback to export key block and master secret. void * p_export_keys const mbedtls_x509_crt_profile * cert_profile mbedtls_ssl_key_cert * key_cert mbedtls_x509_crt * ca_chain mbedtls_x509_crl * ca_crl const int * sig_hashes const mbedtls_ecp_group_id * curve_list mbedtls_mpi dhm_P mbedtls_mpi dhm_G unsigned char * psk size_t psk_len unsigned char * psk_identity size_t psk_identity_len const char ** alpn_list uint32_t read_timeout uint32_t hs_timeout_min uint32_t hs_timeout_max int renego_max_records unsigned char renego_period [8]unsigned int badmac_limit unsigned int dhm_min_bitlen unsigned char max_major_ver unsigned char max_minor_ver unsigned char min_major_ver unsigned char min_minor_ver unsigned int endpoint : 1unsigned int transport : 1unsigned int authmode : 2unsigned int allow_legacy_renegotiation : 2unsigned int arc4_disabled : 1unsigned int mfl_code : 3unsigned int encrypt_then_mac : 1unsigned int extended_ms : 1unsigned int anti_replay : 1unsigned int cbc_record_splitting : 1unsigned int disable_renegotiation : 1unsigned int trunc_hmac : 1unsigned int session_tickets : 1unsigned int fallback : 1unsigned int cert_req_ca_list : 1
Detailed Description
SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
Definition at line 597 of file ssl.h .
Field Documentation
MBEDTLS_LEGACY_XXX
Definition at line 744 of file ssl.h .
ordered list of protocols
Definition at line 701 of file ssl.h .
detect and prevent replay?
Definition at line 758 of file ssl.h .
blacklist RC4 ciphersuites?
Definition at line 746 of file ssl.h .
MBEDTLS_SSL_VERIFY_XXX
Definition at line 742 of file ssl.h .
limit of records with a bad MAC
Definition at line 724 of file ssl.h .
trusted CAs
Definition at line 668 of file ssl.h .
trusted CAs CRLs
Definition at line 669 of file ssl.h .
do cbc record splitting
Definition at line 761 of file ssl.h .
verification profile
Definition at line 666 of file ssl.h .
enable sending CA list in Certificate Request messages?
Definition at line 776 of file ssl.h .
allowed ciphersuites per version
Definition at line 605 of file ssl.h .
allowed curves
Definition at line 677 of file ssl.h .
generator for DHM
Definition at line 682 of file ssl.h .
min. bit length of the DHM prime
Definition at line 728 of file ssl.h .
prime modulus for DHM
Definition at line 681 of file ssl.h .
disable renegotiation?
Definition at line 764 of file ssl.h .
negotiate encrypt-then-mac?
Definition at line 752 of file ssl.h .
0: client, 1: server
Definition at line 740 of file ssl.h .
negotiate extended master secret?
Definition at line 755 of file ssl.h .
int(* f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t)
Callback to verify validity of a ClientHello cookie.
Definition at line 644 of file ssl.h .
int(* f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)
Callback to create & write a cookie for ClientHello veirifcation.
Definition at line 641 of file ssl.h .
void(* f_dbg )(void *, int, const char *, int, const char *)
Callback for printing debug output.
Definition at line 608 of file ssl.h .
int(* f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t)
Callback to export key block and master secret.
Definition at line 660 of file ssl.h .
Callback to retrieve a session from the cache.
Definition at line 616 of file ssl.h .
int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback to retrieve PSK key from identity.
Definition at line 635 of file ssl.h .
int(* f_rng )(void *, unsigned char *, size_t)
Callback for getting (pseudo-)random numbers.
Definition at line 612 of file ssl.h .
int(* f_set_cache )(void *, const mbedtls_ssl_session *)
Callback to store a session into the cache.
Definition at line 618 of file ssl.h .
int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback for setting cert according to SNI extension.
Definition at line 623 of file ssl.h .
int(* f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t)
Callback to parse a session ticket into a session structure.
Definition at line 654 of file ssl.h .
int(* f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)
Callback to create & write a session ticket.
Definition at line 651 of file ssl.h .
Callback to customize X.509 certificate chain verification.
Definition at line 629 of file ssl.h .
is this a fallback?
Definition at line 773 of file ssl.h .
maximum value of the handshake retransmission timeout (ms)
Definition at line 713 of file ssl.h .
initial value of the handshake retransmission timeout (ms)
Definition at line 711 of file ssl.h .
own certificate/key pair(s)
Definition at line 667 of file ssl.h .
max. major version used
Definition at line 731 of file ssl.h .
max. minor version used
Definition at line 732 of file ssl.h .
desired fragment length
Definition at line 749 of file ssl.h .
min. major version used
Definition at line 733 of file ssl.h .
min. minor version used
Definition at line 734 of file ssl.h .
context for cache callbacks
Definition at line 619 of file ssl.h .
context for the cookie callbacks
Definition at line 646 of file ssl.h .
context for the debug function
Definition at line 609 of file ssl.h .
context for key export callback
Definition at line 662 of file ssl.h .
context for PSK callback
Definition at line 636 of file ssl.h .
context for the RNG function
Definition at line 613 of file ssl.h .
context for SNI callback
Definition at line 624 of file ssl.h .
context for the ticket callbacks
Definition at line 655 of file ssl.h .
context for X.509 verify calllback
Definition at line 630 of file ssl.h .
timeout for mbedtls_ssl_read (ms)
Definition at line 708 of file ssl.h .
grace period for renegotiation
Definition at line 718 of file ssl.h .
value of the record counters that triggers renegotiation
Definition at line 719 of file ssl.h .
use session tickets?
Definition at line 770 of file ssl.h .
allowed signature hashes
Definition at line 673 of file ssl.h .
stream (TLS) or datagram (DTLS)
Definition at line 741 of file ssl.h .
negotiate truncated hmac?
Definition at line 767 of file ssl.h .
1.7.2