mbedtls_ssl_config Struct Reference
SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
#include <ssl.h>
Data Fields
const int * ciphersuite_list [4]
void(* f_dbg )(void *, int, const char *, int, const char *)
Callback for printing debug output.
void * p_dbg
int(* f_rng )(void *, unsigned char *, size_t)
Callback for getting (pseudo-)random numbers.
void * p_rng
int(* f_get_cache )(void *, mbedtls_ssl_session *)
Callback to retrieve a session from the cache.
int(* f_set_cache )(void *, const mbedtls_ssl_session *)
Callback to store a session into the cache.
void * p_cache
int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback for setting cert according to SNI extension.
void * p_sni
int(* f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *)
Callback to customize X.509 certificate chain verification.
void * p_vrfy
int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback to retrieve PSK key from identity.
void * p_psk
int(* f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)
Callback to create & write a cookie for ClientHello verification.
int(* f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t)
Callback to verify validity of a ClientHello cookie.
void * p_cookie
int(* f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)
Callback to create & write a session ticket.
int(* f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t)
Callback to parse a session ticket into a session structure.
void * p_ticket
int(* f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t)
Callback to export key block and master secret.
int(* f_export_keys_ext )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t, const unsigned char[32], const unsigned char[32], mbedtls_tls_prf_types)
Callback to export key block, master secret, tls_prf and random bytes.
void * p_export_keys
size_t cid_len
const mbedtls_x509_crt_profile * cert_profile
mbedtls_ssl_key_cert * key_cert
mbedtls_x509_crt * ca_chain
mbedtls_x509_crl * ca_crl
mbedtls_ssl_async_sign_t * f_async_sign_start
mbedtls_ssl_async_decrypt_t * f_async_decrypt_start
mbedtls_ssl_async_resume_t * f_async_resume
mbedtls_ssl_async_cancel_t * f_async_cancel
void * p_async_config_data
const int * sig_hashes
const mbedtls_ecp_group_id * curve_list
mbedtls_mpi dhm_P
mbedtls_mpi dhm_G
psa_key_handle_t psk_opaque
unsigned char * psk
size_t psk_len
unsigned char * psk_identity
size_t psk_identity_len
const char ** alpn_list
uint32_t read_timeout
uint32_t hs_timeout_min
uint32_t hs_timeout_max
int renego_max_records
unsigned char renego_period [8]
unsigned int badmac_limit
unsigned int dhm_min_bitlen
unsigned char max_major_ver
unsigned char max_minor_ver
unsigned char min_major_ver
unsigned char min_minor_ver
unsigned int endpoint : 1
unsigned int transport : 1
unsigned int authmode : 2
unsigned int allow_legacy_renegotiation : 2
unsigned int arc4_disabled : 1
unsigned int mfl_code : 3
unsigned int encrypt_then_mac : 1
unsigned int extended_ms : 1
unsigned int anti_replay : 1
unsigned int cbc_record_splitting : 1
unsigned int disable_renegotiation : 1
unsigned int trunc_hmac : 1
unsigned int session_tickets : 1
unsigned int fallback : 1
unsigned int cert_req_ca_list : 1
unsigned int ignore_unexpected_cid : 1
Detailed Description
SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
Definition at line 904 of file ssl.h.
Field Documentation
unsigned int allow_legacy_renegotiation : 2
MBEDTLS_LEGACY_XXX
Definition at line 1093 of file ssl.h.
const char ** alpn_list
ordered list of protocols
Definition at line 1050 of file ssl.h.
unsigned int anti_replay : 1
detect and prevent replay?
Definition at line 1107 of file ssl.h.
unsigned int arc4_disabled : 1
blacklist RC4 ciphersuites?
Definition at line 1095 of file ssl.h.
unsigned int authmode : 2
MBEDTLS_SSL_VERIFY_XXX
Definition at line 1091 of file ssl.h.
unsigned int badmac_limit
limit of records with a bad MAC
Definition at line 1073 of file ssl.h.
mbedtls_x509_crt * ca_chain
trusted CAs
Definition at line 985 of file ssl.h.
mbedtls_x509_crl * ca_crl
trusted CAs CRLs
Definition at line 986 of file ssl.h.
unsigned int cbc_record_splitting : 1
do cbc record splitting
Definition at line 1110 of file ssl.h.
const mbedtls_x509_crt_profile * cert_profile
verification profile
Definition at line 983 of file ssl.h.
unsigned int cert_req_ca_list : 1
enable sending CA list in Certificate Request messages?
Definition at line 1125 of file ssl.h.
size_t cid_len
The length of CIDs for incoming DTLS records.
Definition at line 979 of file ssl.h.
const int * ciphersuite_list [4]
allowed ciphersuites per version
Definition at line 912 of file ssl.h.
const mbedtls_ecp_group_id * curve_list
allowed curves
Definition at line 1008 of file ssl.h.
mbedtls_mpi dhm_G
generator for DHM
Definition at line 1013 of file ssl.h.
unsigned int dhm_min_bitlen
min. bit length of the DHM prime
Definition at line 1077 of file ssl.h.
mbedtls_mpi dhm_P
prime modulus for DHM
Definition at line 1012 of file ssl.h.
unsigned int disable_renegotiation : 1
disable renegotiation?
Definition at line 1113 of file ssl.h.
unsigned int encrypt_then_mac : 1
negotiate encrypt-then-mac?
Definition at line 1101 of file ssl.h.
unsigned int endpoint : 1
0: client, 1: server
Definition at line 1089 of file ssl.h.
unsigned int extended_ms : 1
negotiate extended master secret?
Definition at line 1104 of file ssl.h.
mbedtls_ssl_async_cancel_t * f_async_cancel
cancel asynchronous operation
Definition at line 999 of file ssl.h.
mbedtls_ssl_async_decrypt_t * f_async_decrypt_start
start asynchronous decryption operation
Definition at line 996 of file ssl.h.
mbedtls_ssl_async_resume_t * f_async_resume
resume asynchronous operation
Definition at line 998 of file ssl.h.
mbedtls_ssl_async_sign_t * f_async_sign_start
start asynchronous signature operation
Definition at line 995 of file ssl.h.
int(* f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t)
Callback to verify validity of a ClientHello cookie.
Definition at line 951 of file ssl.h.
int(* f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)
Callback to create & write a cookie for ClientHello verification.
Definition at line 948 of file ssl.h.
void(* f_dbg )(void *, int, const char *, int, const char *)
Callback for printing debug output.
Definition at line 915 of file ssl.h.
int(* f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t)
Callback to export key block and master secret.
Definition at line 967 of file ssl.h.
int(* f_export_keys_ext )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t, const unsigned char[32], const unsigned char[32], mbedtls_tls_prf_types)
Callback to export key block, master secret, tls_prf and random bytes.
Should replace f_export_keys
Definition at line 971 of file ssl.h.
int(* f_get_cache )(void *, mbedtls_ssl_session *)
Callback to retrieve a session from the cache.
Definition at line 923 of file ssl.h.
int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback to retrieve PSK key from identity.
Definition at line 942 of file ssl.h.
int(* f_rng )(void *, unsigned char *, size_t)
Callback for getting (pseudo-)random numbers.
Definition at line 919 of file ssl.h.
int(* f_set_cache )(void *, const mbedtls_ssl_session *)
Callback to store a session into the cache.
Definition at line 925 of file ssl.h.
int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback for setting cert according to SNI extension.
Definition at line 930 of file ssl.h.
int(* f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t)
Callback to parse a session ticket into a session structure.
Definition at line 961 of file ssl.h.
int(* f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)
Callback to create & write a session ticket.
Definition at line 958 of file ssl.h.
int(* f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *)
Callback to customize X.509 certificate chain verification.
Definition at line 936 of file ssl.h.
unsigned int fallback : 1
is this a fallback?
Definition at line 1122 of file ssl.h.
uint32_t hs_timeout_max
maximum value of the handshake retransmission timeout (ms)
Definition at line 1062 of file ssl.h.
uint32_t hs_timeout_min
initial value of the handshake retransmission timeout (ms)
Definition at line 1060 of file ssl.h.
unsigned int ignore_unexpected_cid : 1
Determines whether DTLS record with unexpected CID should lead to failure.
Definition at line 1129 of file ssl.h.
mbedtls_ssl_key_cert * key_cert
own certificate/key pair(s)
Definition at line 984 of file ssl.h.
unsigned char max_major_ver
max. major version used
Definition at line 1080 of file ssl.h.
unsigned char max_minor_ver
max. minor version used
Definition at line 1081 of file ssl.h.
unsigned int mfl_code : 3
desired fragment length
Definition at line 1098 of file ssl.h.
unsigned char min_major_ver
min. major version used
Definition at line 1082 of file ssl.h.
unsigned char min_minor_ver
min. minor version used
Definition at line 1083 of file ssl.h.
void * p_cache
context for cache callbacks
Definition at line 926 of file ssl.h.
void * p_cookie
context for the cookie callbacks
Definition at line 953 of file ssl.h.
void * p_dbg
context for the debug function
Definition at line 916 of file ssl.h.
void * p_export_keys
context for key export callback
Definition at line 975 of file ssl.h.
void * p_psk
context for PSK callback
Definition at line 943 of file ssl.h.
void * p_rng
context for the RNG function
Definition at line 920 of file ssl.h.
void * p_sni
context for SNI callback
Definition at line 931 of file ssl.h.
void * p_ticket
context for the ticket callbacks
Definition at line 962 of file ssl.h.
void * p_vrfy
context for X.509 verify callback
Definition at line 937 of file ssl.h.
unsigned char * psk
The raw pre-shared key. This field should only be set via mbedtls_ssl_conf_psk(). If either no PSK or an opaque PSK have been configured, this has value NULL.
Definition at line 1026 of file ssl.h.
unsigned char * psk_identity
The PSK identity for PSK negotiation. This field should only be set via mbedtls_ssl_conf_psk(). This is set if and only if either psk or psk_opaque are set.
Definition at line 1036 of file ssl.h.
size_t psk_identity_len
The length of PSK identity. This field should only be set via mbedtls_ssl_conf_psk(). Its value is non-zero if and only if psk is not NULL or psk_opaque is not 0.
Definition at line 1041 of file ssl.h.
size_t psk_len
The length of the raw pre-shared key. This field should only be set via mbedtls_ssl_conf_psk(). Its value is non-zero if and only if psk is not NULL.
Definition at line 1030 of file ssl.h.
psa_key_handle_t psk_opaque
PSA key slot holding opaque PSK. This field should only be set via mbedtls_ssl_conf_psk_opaque(). If either no PSK or a raw PSK have been configured, this has value 0.
Definition at line 1019 of file ssl.h.
uint32_t read_timeout
timeout for mbedtls_ssl_read (ms)
Definition at line 1057 of file ssl.h.
int renego_max_records
grace period for renegotiation
Definition at line 1067 of file ssl.h.
unsigned char renego_period [8]
value of the record counters that triggers renegotiation
Definition at line 1068 of file ssl.h.
unsigned int session_tickets : 1
use session tickets?
Definition at line 1119 of file ssl.h.
const int * sig_hashes
allowed signature hashes
Definition at line 1004 of file ssl.h.
unsigned int transport : 1
stream (TLS) or datagram (DTLS)
Definition at line 1090 of file ssl.h.
unsigned int trunc_hmac : 1
negotiate truncated hmac?
Definition at line 1116 of file ssl.h.