Rtos API example
mbedtls_ssl_config Struct Reference
SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
#include <ssl.h>
Data Fields
const int * ciphersuite_list [4]
void(* f_dbg )(void *, int, const char *, int, const char *)
Callback for printing debug output.
void * p_dbg
int(* f_rng )(void *, unsigned char *, size_t)
Callback for getting (pseudo-)random numbers.
void * p_rng
int(* f_get_cache )(void *, mbedtls_ssl_session *)
Callback to retrieve a session from the cache.
int(* f_set_cache )(void *, const mbedtls_ssl_session *)
Callback to store a session into the cache.
void * p_cache
int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback for setting cert according to SNI extension.
void * p_sni
int(* f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *)
Callback to customize X.509 certificate chain verification.
void * p_vrfy
int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback to retrieve PSK key from identity.
void * p_psk
int(* f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)
Callback to create & write a cookie for ClientHello verification.
int(* f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t)
Callback to verify validity of a ClientHello cookie.
void * p_cookie
int(* f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)
Callback to create & write a session ticket.
int(* f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t)
Callback to parse a session ticket into a session structure.
void * p_ticket
int(* f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t)
Callback to export key block and master secret.
void * p_export_keys
const mbedtls_x509_crt_profile * cert_profile
mbedtls_ssl_key_cert * key_cert
mbedtls_x509_crt * ca_chain
mbedtls_x509_crl * ca_crl
const int * sig_hashes
const mbedtls_ecp_group_id * curve_list
mbedtls_mpi dhm_P
mbedtls_mpi dhm_G
unsigned char * psk
size_t psk_len
unsigned char * psk_identity
size_t psk_identity_len
const char ** alpn_list
uint32_t read_timeout
uint32_t hs_timeout_min
uint32_t hs_timeout_max
int renego_max_records
unsigned char renego_period [8]
unsigned int badmac_limit
unsigned int dhm_min_bitlen
unsigned char max_major_ver
unsigned char max_minor_ver
unsigned char min_major_ver
unsigned char min_minor_ver
unsigned int endpoint : 1
unsigned int transport : 1
unsigned int authmode : 2
unsigned int allow_legacy_renegotiation : 2
unsigned int arc4_disabled : 1
unsigned int mfl_code : 3
unsigned int encrypt_then_mac : 1
unsigned int extended_ms : 1
unsigned int anti_replay : 1
unsigned int cbc_record_splitting : 1
unsigned int disable_renegotiation : 1
unsigned int trunc_hmac : 1
unsigned int session_tickets : 1
unsigned int fallback : 1
unsigned int cert_req_ca_list : 1
Detailed Description
SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
Definition at line 586 of file ssl.h .
Field Documentation
MBEDTLS_LEGACY_XXX (the MBEDTLS_SSL_LEGACY_* renegotiation policy held in allow_legacy_renegotiation)
Definition at line 725 of file ssl.h .
ordered list of protocols
Definition at line 682 of file ssl.h .
detect and prevent replay?
Definition at line 739 of file ssl.h .
blacklist RC4 ciphersuites?
Definition at line 727 of file ssl.h .
MBEDTLS_SSL_VERIFY_XXX (the peer certificate verification mode held in authmode)
Definition at line 723 of file ssl.h .
limit of records with a bad MAC
Definition at line 705 of file ssl.h .
trusted CAs
Definition at line 657 of file ssl.h .
trusted CAs CRLs
Definition at line 658 of file ssl.h .
do cbc record splitting
Definition at line 742 of file ssl.h .
verification profile
Definition at line 655 of file ssl.h .
enable sending CA list in Certificate Request messages?
Definition at line 757 of file ssl.h .
allowed ciphersuites per version
Definition at line 594 of file ssl.h .
allowed curves
Definition at line 666 of file ssl.h .
generator for DHM
Definition at line 671 of file ssl.h .
min. bit length of the DHM prime
Definition at line 709 of file ssl.h .
prime modulus for DHM
Definition at line 670 of file ssl.h .
disable renegotiation?
Definition at line 745 of file ssl.h .
negotiate encrypt-then-mac?
Definition at line 733 of file ssl.h .
0: client, 1: server
Definition at line 721 of file ssl.h .
negotiate extended master secret?
Definition at line 736 of file ssl.h .
int(* f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t)
Callback to verify validity of a ClientHello cookie.
Definition at line 633 of file ssl.h .
int(* f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)
Callback to create & write a cookie for ClientHello verification.
Definition at line 630 of file ssl.h .
void(* f_dbg )(void *, int, const char *, int, const char *)
Callback for printing debug output.
Definition at line 597 of file ssl.h .
int(* f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t)
Callback to export key block and master secret.
Definition at line 649 of file ssl.h .
int(* f_get_cache )(void *, mbedtls_ssl_session *)
Callback to retrieve a session from the cache.
Definition at line 605 of file ssl.h .
int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback to retrieve PSK key from identity.
Definition at line 624 of file ssl.h .
int(* f_rng )(void *, unsigned char *, size_t)
Callback for getting (pseudo-)random numbers.
Definition at line 601 of file ssl.h .
int(* f_set_cache )(void *, const mbedtls_ssl_session *)
Callback to store a session into the cache.
Definition at line 607 of file ssl.h .
int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Callback for setting cert according to SNI extension.
Definition at line 612 of file ssl.h .
int(* f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t)
Callback to parse a session ticket into a session structure.
Definition at line 643 of file ssl.h .
int(* f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)
Callback to create & write a session ticket.
Definition at line 640 of file ssl.h .
int(* f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *)
Callback to customize X.509 certificate chain verification.
Definition at line 618 of file ssl.h .
is this a fallback?
Definition at line 754 of file ssl.h .
maximum value of the handshake retransmission timeout (ms)
Definition at line 694 of file ssl.h .
initial value of the handshake retransmission timeout (ms)
Definition at line 692 of file ssl.h .
own certificate/key pair(s)
Definition at line 656 of file ssl.h .
max. major version used
Definition at line 712 of file ssl.h .
max. minor version used
Definition at line 713 of file ssl.h .
desired fragment length
Definition at line 730 of file ssl.h .
min. major version used
Definition at line 714 of file ssl.h .
min. minor version used
Definition at line 715 of file ssl.h .
context for cache callbacks
Definition at line 608 of file ssl.h .
context for the cookie callbacks
Definition at line 635 of file ssl.h .
context for the debug function
Definition at line 598 of file ssl.h .
context for key export callback
Definition at line 651 of file ssl.h .
context for PSK callback
Definition at line 625 of file ssl.h .
context for the RNG function
Definition at line 602 of file ssl.h .
context for SNI callback
Definition at line 613 of file ssl.h .
context for the ticket callbacks
Definition at line 644 of file ssl.h .
context for X.509 verify callback
Definition at line 619 of file ssl.h .
pre-shared key
Definition at line 675 of file ssl.h .
identity for PSK negotiation
Definition at line 677 of file ssl.h .
length of identity
Definition at line 678 of file ssl.h .
length of the pre-shared key
Definition at line 676 of file ssl.h .
timeout for mbedtls_ssl_read (ms)
Definition at line 689 of file ssl.h .
grace period for renegotiation
Definition at line 699 of file ssl.h .
value of the record counters that triggers renegotiation
Definition at line 700 of file ssl.h .
use session tickets?
Definition at line 751 of file ssl.h .
allowed signature hashes
Definition at line 662 of file ssl.h .
stream (TLS) or datagram (DTLS)
Definition at line 722 of file ssl.h .
negotiate truncated hmac?
Definition at line 748 of file ssl.h .