SSL/TLS configuration to be shared between mbedtls_ssl_context structures. More...

#include <ssl.h>

Data Fields
const int *	ciphersuite_list [4]
void(*	f_dbg )(void , int, const char , int, const char *)
	Callback for printing debug output.
void *	p_dbg
int(*	f_rng )(void , unsigned char , size_t)
	Callback for getting (pseudo-)random numbers.
void *	p_rng
int(*	f_get_cache )(void , mbedtls_ssl_session )
	Callback to retrieve a session from the cache.
int(*	f_set_cache )(void , const mbedtls_ssl_session )
	Callback to store a session into the cache.
void *	p_cache
int(*	f_sni )(void , mbedtls_ssl_context , const unsigned char *, size_t)
	Callback for setting cert according to SNI extension.
void *	p_sni
int(*	f_vrfy )(void , mbedtls_x509_crt , int, uint32_t *)
	Callback to customize X.509 certificate chain verification.
void *	p_vrfy
int(*	f_psk )(void , mbedtls_ssl_context , const unsigned char *, size_t)
	Callback to retrieve PSK key from identity.
void *	p_psk
int(*	f_cookie_write )(void , unsigned char , unsigned char , const unsigned char *, size_t)
	Callback to create & write a cookie for ClientHello veirifcation.
int(*	f_cookie_check )(void , const unsigned char , size_t, const unsigned char *, size_t)
	Callback to verify validity of a ClientHello cookie.
void *	p_cookie
int(*	f_ticket_write )(void , const mbedtls_ssl_session , unsigned char , const unsigned char , size_t , uint32_t )
	Callback to create & write a session ticket.
int(*	f_ticket_parse )(void , mbedtls_ssl_session , unsigned char *, size_t)
	Callback to parse a session ticket into a session structure.
void *	p_ticket
int(*	f_export_keys )(void , const unsigned char , const unsigned char *, size_t, size_t, size_t)
	Callback to export key block and master secret.
void *	p_export_keys
const mbedtls_x509_crt_profile *	cert_profile
mbedtls_ssl_key_cert *	key_cert
mbedtls_x509_crt *	ca_chain
mbedtls_x509_crl *	ca_crl
mbedtls_ssl_async_sign_t *	f_async_sign_start
mbedtls_ssl_async_decrypt_t *	f_async_decrypt_start
mbedtls_ssl_async_resume_t *	f_async_resume
mbedtls_ssl_async_cancel_t *	f_async_cancel
void *	p_async_config_data
const int *	sig_hashes
const mbedtls_ecp_group_id *	curve_list
mbedtls_mpi	dhm_P
mbedtls_mpi	dhm_G
unsigned char *	psk
size_t	psk_len
unsigned char *	psk_identity
size_t	psk_identity_len
const char **	alpn_list
uint32_t	read_timeout
uint32_t	hs_timeout_min
uint32_t	hs_timeout_max
int	renego_max_records
unsigned char	renego_period [8]
unsigned int	badmac_limit
unsigned int	dhm_min_bitlen
unsigned char	max_major_ver
unsigned char	max_minor_ver
unsigned char	min_major_ver
unsigned char	min_minor_ver
unsigned int	endpoint: 1
unsigned int	transport: 1
unsigned int	authmode: 2
unsigned int	allow_legacy_renegotiation: 2
unsigned int	arc4_disabled: 1
unsigned int	mfl_code: 3
unsigned int	encrypt_then_mac: 1
unsigned int	extended_ms: 1
unsigned int	anti_replay: 1
unsigned int	cbc_record_splitting: 1
unsigned int	disable_renegotiation: 1
unsigned int	trunc_hmac: 1
unsigned int	session_tickets: 1
unsigned int	fallback: 1
unsigned int	cert_req_ca_list: 1

Detailed Description

SSL/TLS configuration to be shared between mbedtls_ssl_context structures.

Definition at line 826 of file ssl.h.

Field Documentation

unsigned int allow_legacy_renegotiation

MBEDTLS_LEGACY_XXX

Definition at line 983 of file ssl.h.

const char** alpn_list

ordered list of protocols

Definition at line 940 of file ssl.h.

unsigned int anti_replay

detect and prevent replay?

Definition at line 997 of file ssl.h.

unsigned int arc4_disabled

blacklist RC4 ciphersuites?

Definition at line 985 of file ssl.h.

unsigned int authmode

MBEDTLS_SSL_VERIFY_XXX

Definition at line 981 of file ssl.h.

unsigned int badmac_limit

limit of records with a bad MAC

Definition at line 963 of file ssl.h.

mbedtls_x509_crt* ca_chain

trusted CAs

Definition at line 897 of file ssl.h.

mbedtls_x509_crl* ca_crl

trusted CAs CRLs

Definition at line 898 of file ssl.h.

unsigned int cbc_record_splitting

do cbc record splitting

Definition at line 1000 of file ssl.h.

const mbedtls_x509_crt_profile* cert_profile

verification profile

Definition at line 895 of file ssl.h.

unsigned int cert_req_ca_list

enable sending CA list in Certificate Request messages?

Definition at line 1015 of file ssl.h.

const int* ciphersuite_list[4]

allowed ciphersuites per version

Definition at line 834 of file ssl.h.

const mbedtls_ecp_group_id* curve_list

allowed curves

Definition at line 916 of file ssl.h.

mbedtls_mpi dhm_G

generator for DHM

Definition at line 921 of file ssl.h.

unsigned int dhm_min_bitlen

min. bit length of the DHM prime

Definition at line 967 of file ssl.h.

mbedtls_mpi dhm_P

prime modulus for DHM

Definition at line 920 of file ssl.h.

unsigned int disable_renegotiation

disable renegotiation?

Definition at line 1003 of file ssl.h.

unsigned int encrypt_then_mac

negotiate encrypt-then-mac?

Definition at line 991 of file ssl.h.

unsigned int endpoint

0: client, 1: server

Definition at line 979 of file ssl.h.

unsigned int extended_ms

negotiate extended master secret?

Definition at line 994 of file ssl.h.

mbedtls_ssl_async_cancel_t* f_async_cancel

cancel asynchronous operation

Definition at line 907 of file ssl.h.

mbedtls_ssl_async_decrypt_t* f_async_decrypt_start

start asynchronous decryption operation

Definition at line 904 of file ssl.h.

mbedtls_ssl_async_resume_t* f_async_resume

resume asynchronous operation

Definition at line 906 of file ssl.h.

mbedtls_ssl_async_sign_t* f_async_sign_start

start asynchronous signature operation

Definition at line 903 of file ssl.h.

int(* f_cookie_check)(void *, const unsigned char *, size_t, const unsigned char *, size_t)

Callback to verify validity of a ClientHello cookie.

Definition at line 873 of file ssl.h.

int(* f_cookie_write)(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)

Callback to create & write a cookie for ClientHello veirifcation.

Definition at line 870 of file ssl.h.

void(* f_dbg)(void *, int, const char *, int, const char *)

Callback for printing debug output.

Definition at line 837 of file ssl.h.

int(* f_export_keys)(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t)

Callback to export key block and master secret.

Definition at line 889 of file ssl.h.

int(* f_get_cache)(void *, mbedtls_ssl_session *)

Callback to retrieve a session from the cache.

Definition at line 845 of file ssl.h.

int(* f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t)

Callback to retrieve PSK key from identity.

Definition at line 864 of file ssl.h.

int(* f_rng)(void *, unsigned char *, size_t)

Callback for getting (pseudo-)random numbers.

Definition at line 841 of file ssl.h.

int(* f_set_cache)(void *, const mbedtls_ssl_session *)

Callback to store a session into the cache.

Definition at line 847 of file ssl.h.

int(* f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t)

Callback for setting cert according to SNI extension.

Definition at line 852 of file ssl.h.

int(* f_ticket_parse)(void *, mbedtls_ssl_session *, unsigned char *, size_t)

Callback to parse a session ticket into a session structure.

Definition at line 883 of file ssl.h.

int(* f_ticket_write)(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)

Callback to create & write a session ticket.

Definition at line 880 of file ssl.h.

int(* f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *)

Callback to customize X.509 certificate chain verification.

Definition at line 858 of file ssl.h.

unsigned int fallback

is this a fallback?

Definition at line 1012 of file ssl.h.

uint32_t hs_timeout_max

maximum value of the handshake retransmission timeout (ms)

Definition at line 952 of file ssl.h.

uint32_t hs_timeout_min

initial value of the handshake retransmission timeout (ms)

Definition at line 950 of file ssl.h.

mbedtls_ssl_key_cert* key_cert

own certificate/key pair(s)

Definition at line 896 of file ssl.h.

unsigned char max_major_ver

max. major version used

Definition at line 970 of file ssl.h.

unsigned char max_minor_ver

max. minor version used

Definition at line 971 of file ssl.h.

unsigned int mfl_code

desired fragment length

Definition at line 988 of file ssl.h.

unsigned char min_major_ver

min. major version used

Definition at line 972 of file ssl.h.

unsigned char min_minor_ver

min. minor version used

Definition at line 973 of file ssl.h.

void* p_async_config_data

Configuration data set by mbedtls_ssl_conf_async_private_cb().

Definition at line 908 of file ssl.h.

void* p_cache

context for cache callbacks

Definition at line 848 of file ssl.h.

void* p_cookie

context for the cookie callbacks

Definition at line 875 of file ssl.h.

void* p_dbg

context for the debug function

Definition at line 838 of file ssl.h.

void* p_export_keys

context for key export callback

Definition at line 891 of file ssl.h.

void* p_psk

context for PSK callback

Definition at line 865 of file ssl.h.

void* p_rng

context for the RNG function

Definition at line 842 of file ssl.h.

void* p_sni

context for SNI callback

Definition at line 853 of file ssl.h.

void* p_ticket

context for the ticket callbacks

Definition at line 884 of file ssl.h.

void* p_vrfy

context for X.509 verify calllback

Definition at line 859 of file ssl.h.

unsigned char* psk

pre-shared key. This field should only be set via mbedtls_ssl_conf_psk()

Definition at line 925 of file ssl.h.

unsigned char* psk_identity

identity for PSK negotiation. This field should only be set via mbedtls_ssl_conf_psk()

Definition at line 931 of file ssl.h.

size_t psk_identity_len

length of identity. This field should only be set via mbedtls_ssl_conf_psk()

Definition at line 934 of file ssl.h.

size_t psk_len

length of the pre-shared key. This field should only be set via mbedtls_ssl_conf_psk()

Definition at line 928 of file ssl.h.

uint32_t read_timeout

timeout for mbedtls_ssl_read (ms)

Definition at line 947 of file ssl.h.

int renego_max_records

grace period for renegotiation

Definition at line 957 of file ssl.h.

unsigned char renego_period[8]

value of the record counters that triggers renegotiation

Definition at line 958 of file ssl.h.

unsigned int session_tickets

use session tickets?

Definition at line 1009 of file ssl.h.

const int* sig_hashes

allowed signature hashes

Definition at line 912 of file ssl.h.

unsigned int transport

stream (TLS) or datagram (DTLS)

Definition at line 980 of file ssl.h.

unsigned int trunc_hmac

negotiate truncated hmac?

Definition at line 1006 of file ssl.h.

Type:	Program
Created:	12 Feb 2019
Imports:	15
Forks:	0
Commits:	7
Dependents:	0
Dependencies:	3
Followers:	1

Important changes to repositories hosted on mbed.com

mbedtls_ssl_config Struct Reference

Data Fields

Detailed Description

Field Documentation

Repository toolbox

Repository details

Important Information for this Arm website

Important changes to repositories hosted on mbed.com

mbedtls_ssl_config Struct Reference

Data Fields

Detailed Description

Field Documentation

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning