![]() |
mbed TLS
Version 2.17.0
SSL/TLS Library for the Embedded Space
|
SSL/TLS configuration to be shared between mbedtls_ssl_context structures. More...
Data Fields | |
const int * | ciphersuite_list [4] |
void(* | f_dbg )(void *, int, const char *, int, const char *) |
Callback for printing debug output. | |
void * | p_dbg |
int(* | f_rng )(void *, unsigned char *, size_t) |
Callback for getting (pseudo-)random numbers. | |
void * | p_rng |
int(* | f_get_cache )(void *, mbedtls_ssl_session *) |
Callback to retrieve a session from the cache. | |
int(* | f_set_cache )(void *, const mbedtls_ssl_session *) |
Callback to store a session into the cache. | |
void * | p_cache |
int(* | f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t) |
Callback for setting cert according to SNI extension. | |
void * | p_sni |
int(* | f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *) |
Callback to customize X.509 certificate chain verification. | |
void * | p_vrfy |
int(* | f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t) |
Callback to retrieve PSK key from identity. | |
void * | p_psk |
int(* | f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t) |
Callback to create & write a cookie for ClientHello veirifcation. | |
int(* | f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t) |
Callback to verify validity of a ClientHello cookie. | |
void * | p_cookie |
int(* | f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *) |
Callback to create & write a session ticket. | |
int(* | f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t) |
Callback to parse a session ticket into a session structure. | |
void * | p_ticket |
int(* | f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t) |
Callback to export key block and master secret. | |
void * | p_export_keys |
const mbedtls_x509_crt_profile * | cert_profile |
mbedtls_ssl_key_cert * | key_cert |
mbedtls_x509_crt * | ca_chain |
mbedtls_x509_crl * | ca_crl |
const int * | sig_hashes |
const mbedtls_ecp_group_id * | curve_list |
mbedtls_mpi | dhm_P |
mbedtls_mpi | dhm_G |
unsigned char * | psk |
size_t | psk_len |
unsigned char * | psk_identity |
size_t | psk_identity_len |
const char ** | alpn_list |
uint32_t | read_timeout |
uint32_t | hs_timeout_min |
uint32_t | hs_timeout_max |
int | renego_max_records |
unsigned char | renego_period [8] |
unsigned int | badmac_limit |
unsigned int | dhm_min_bitlen |
unsigned char | max_major_ver |
unsigned char | max_minor_ver |
unsigned char | min_major_ver |
unsigned char | min_minor_ver |
unsigned int | endpoint: 1 |
unsigned int | transport: 1 |
unsigned int | authmode: 2 |
unsigned int | allow_legacy_renegotiation: 2 |
unsigned int | arc4_disabled: 1 |
unsigned int | mfl_code: 3 |
unsigned int | encrypt_then_mac: 1 |
unsigned int | extended_ms: 1 |
unsigned int | anti_replay: 1 |
unsigned int | cbc_record_splitting: 1 |
unsigned int | disable_renegotiation: 1 |
unsigned int | trunc_hmac: 1 |
unsigned int | session_tickets: 1 |
unsigned int | fallback: 1 |
unsigned int | cert_req_ca_list: 1 |
SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
unsigned int allow_legacy_renegotiation |
MBEDTLS_LEGACY_XXX
const char** alpn_list |
ordered list of protocols
unsigned int anti_replay |
detect and prevent replay?
unsigned int arc4_disabled |
blacklist RC4 ciphersuites?
unsigned int authmode |
MBEDTLS_SSL_VERIFY_XXX
unsigned int badmac_limit |
limit of records with a bad MAC
mbedtls_x509_crt* ca_chain |
trusted CAs
mbedtls_x509_crl* ca_crl |
trusted CAs CRLs
unsigned int cbc_record_splitting |
do cbc record splitting
const mbedtls_x509_crt_profile* cert_profile |
verification profile
unsigned int cert_req_ca_list |
enable sending CA list in Certificate Request messages?
const int* ciphersuite_list[4] |
allowed ciphersuites per version
const mbedtls_ecp_group_id* curve_list |
allowed curves
mbedtls_mpi dhm_G |
generator for DHM
unsigned int dhm_min_bitlen |
min. bit length of the DHM prime
mbedtls_mpi dhm_P |
prime modulus for DHM
unsigned int disable_renegotiation |
disable renegotiation?
unsigned int encrypt_then_mac |
negotiate encrypt-then-mac?
unsigned int endpoint |
0: client, 1: server
unsigned int extended_ms |
negotiate extended master secret?
unsigned int fallback |
is this a fallback?
uint32_t hs_timeout_max |
maximum value of the handshake retransmission timeout (ms)
uint32_t hs_timeout_min |
initial value of the handshake retransmission timeout (ms)
mbedtls_ssl_key_cert* key_cert |
own certificate/key pair(s)
unsigned char max_major_ver |
max. major version used
unsigned char max_minor_ver |
max. minor version used
unsigned int mfl_code |
desired fragment length
unsigned char min_major_ver |
min. major version used
unsigned char min_minor_ver |
min. minor version used
void* p_cache |
context for cache callbacks
void* p_cookie |
context for the cookie callbacks
void* p_dbg |
context for the debug function
void* p_export_keys |
context for key export callback
void* p_psk |
context for PSK callback
void* p_rng |
context for the RNG function
void* p_sni |
context for SNI callback
void* p_ticket |
context for the ticket callbacks
void* p_vrfy |
context for X.509 verify calllback
unsigned char* psk |
The raw pre-shared key. This field should only be set via mbedtls_ssl_conf_psk(). If either no PSK or an opaque PSK have been configured, this has value NULL.
unsigned char* psk_identity |
The PSK identity for PSK negotiation. This field should only be set via mbedtls_ssl_conf_psk(). This is set if and only if either psk
or psk_opaque
are set.
size_t psk_identity_len |
The length of PSK identity. This field should only be set via mbedtls_ssl_conf_psk(). Its value is non-zero if and only if psk
is not NULL
or psk_opaque
is not 0
.
size_t psk_len |
The length of the raw pre-shared key. This field should only be set via mbedtls_ssl_conf_psk(). Its value is non-zero if and only if psk
is not NULL
.
uint32_t read_timeout |
timeout for mbedtls_ssl_read (ms)
int renego_max_records |
grace period for renegotiation
unsigned char renego_period[8] |
value of the record counters that triggers renegotiation
unsigned int session_tickets |
use session tickets?
const int* sig_hashes |
allowed signature hashes
unsigned int transport |
stream (TLS) or datagram (DTLS)
unsigned int trunc_hmac |
negotiate truncated hmac?