Mbed TLS v3.6.3
mbedtls_ssl_config Struct Reference

#include <ssl.h>


Data Fields

mbedtls_ssl_protocol_version private_max_tls_version
 
mbedtls_ssl_protocol_version private_min_tls_version
 
uint8_t private_endpoint
 
uint8_t private_transport
 
uint8_t private_authmode
 
uint8_t private_allow_legacy_renegotiation
 
uint8_t private_mfl_code
 
uint8_t private_encrypt_then_mac
 
uint8_t private_extended_ms
 
uint8_t private_anti_replay
 
uint8_t private_disable_renegotiation
 
uint8_t private_session_tickets
 
uint16_t private_new_session_tickets_count
 
uint8_t private_cert_req_ca_list
 
uint8_t private_respect_cli_pref
 
uint8_t private_ignore_unexpected_cid
 
uint8_t private_dtls_srtp_mki_support
 
const int * private_ciphersuite_list
 
int private_tls13_kex_modes
 
void(* private_f_dbg )(void *, int, const char *, int, const char *)
 
void * private_p_dbg
 
int(* private_f_rng )(void *, unsigned char *, size_t)
 
void * private_p_rng
 
mbedtls_ssl_cache_get_t * private_f_get_cache
 
mbedtls_ssl_cache_set_t * private_f_set_cache
 
void * private_p_cache
 
int(* private_f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
 
void * private_p_sni
 
int(* private_f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *)
 
void * private_p_vrfy
 
int(* private_f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
 
void * private_p_psk
 
int(* private_f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)
 
int(* private_f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t)
 
void * private_p_cookie
 
int(* private_f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)
 
int(* private_f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t)
 
void * private_p_ticket
 
size_t private_cid_len
 
const mbedtls_x509_crt_profile * private_cert_profile
 
mbedtls_ssl_key_cert * private_key_cert
 
mbedtls_x509_crt * private_ca_chain
 
mbedtls_x509_crl * private_ca_crl
 
mbedtls_x509_crt_ca_cb_t private_f_ca_cb
 
void * private_p_ca_cb
 
mbedtls_ssl_async_sign_t * private_f_async_sign_start
 
mbedtls_ssl_async_decrypt_t * private_f_async_decrypt_start
 
mbedtls_ssl_async_resume_t * private_f_async_resume
 
mbedtls_ssl_async_cancel_t * private_f_async_cancel
 
void * private_p_async_config_data
 
const uint16_t * private_sig_algs
 
const uint16_t * private_group_list
 
mbedtls_mpi private_dhm_P
 
mbedtls_mpi private_dhm_G
 
mbedtls_svc_key_id_t private_psk_opaque
 
unsigned char * private_psk
 
size_t private_psk_len
 
unsigned char * private_psk_identity
 
size_t private_psk_identity_len
 
int private_early_data_enabled
 
uint32_t private_max_early_data_size
 
const char ** private_alpn_list
 
const mbedtls_ssl_srtp_profile * private_dtls_srtp_profile_list
 
size_t private_dtls_srtp_profile_list_len
 
uint32_t private_read_timeout
 
uint32_t private_hs_timeout_min
 
uint32_t private_hs_timeout_max
 
int private_renego_max_records
 
unsigned char private_renego_period [8]
 
unsigned int private_badmac_limit
 
unsigned int private_dhm_min_bitlen
 
mbedtls_ssl_user_data_t private_user_data
 
mbedtls_ssl_hs_cb_t private_f_cert_cb
 
const mbedtls_x509_crt * private_dn_hints
 

Detailed Description

SSL/TLS configuration to be shared between mbedtls_ssl_context structures.

Definition at line 1453 of file ssl.h.

Field Documentation

uint8_t mbedtls_ssl_config::private_allow_legacy_renegotiation

MBEDTLS_LEGACY_XXX

Definition at line 1472 of file ssl.h.

const char** mbedtls_ssl_config::private_alpn_list

ordered list of protocols

Definition at line 1678 of file ssl.h.

uint8_t mbedtls_ssl_config::private_anti_replay

detect and prevent replay?

Definition at line 1484 of file ssl.h.

uint8_t mbedtls_ssl_config::private_authmode

MBEDTLS_SSL_VERIFY_XXX

Definition at line 1470 of file ssl.h.

unsigned int mbedtls_ssl_config::private_badmac_limit

limit on the number of received records with a bad MAC

Definition at line 1707 of file ssl.h.

mbedtls_x509_crt* mbedtls_ssl_config::private_ca_chain

trusted CAs

Definition at line 1595 of file ssl.h.

mbedtls_x509_crl* mbedtls_ssl_config::private_ca_crl

trusted CAs CRLs

Definition at line 1596 of file ssl.h.

const mbedtls_x509_crt_profile* mbedtls_ssl_config::private_cert_profile

verification profile

Definition at line 1593 of file ssl.h.

uint8_t mbedtls_ssl_config::private_cert_req_ca_list

enable sending CA list in Certificate Request messages?

Definition at line 1507 of file ssl.h.

size_t mbedtls_ssl_config::private_cid_len

The length of CIDs for incoming DTLS records.

Definition at line 1589 of file ssl.h.

const int* mbedtls_ssl_config::private_ciphersuite_list

Allowed ciphersuites for (D)TLS 1.2 (0-terminated)

Definition at line 1528 of file ssl.h.

mbedtls_mpi mbedtls_ssl_config::private_dhm_G

generator for DHM

Definition at line 1629 of file ssl.h.

unsigned int mbedtls_ssl_config::private_dhm_min_bitlen

min. bit length of the DHM prime

Definition at line 1710 of file ssl.h.

mbedtls_mpi mbedtls_ssl_config::private_dhm_P

prime modulus for DHM

Definition at line 1628 of file ssl.h.

uint8_t mbedtls_ssl_config::private_disable_renegotiation

disable renegotiation?

Definition at line 1487 of file ssl.h.

const mbedtls_x509_crt* mbedtls_ssl_config::private_dn_hints

acceptable client cert issuers

Definition at line 1725 of file ssl.h.

uint8_t mbedtls_ssl_config::private_dtls_srtp_mki_support

Definition at line 1519 of file ssl.h.

const mbedtls_ssl_srtp_profile* mbedtls_ssl_config::private_dtls_srtp_profile_list

ordered list of supported SRTP profiles

Definition at line 1683 of file ssl.h.

size_t mbedtls_ssl_config::private_dtls_srtp_profile_list_len

number of supported profiles

Definition at line 1685 of file ssl.h.

int mbedtls_ssl_config::private_early_data_enabled

Early data enablement:

  • MBEDTLS_SSL_EARLY_DATA_DISABLED,
  • MBEDTLS_SSL_EARLY_DATA_ENABLED

Definition at line 1666 of file ssl.h.

uint8_t mbedtls_ssl_config::private_encrypt_then_mac

negotiate encrypt-then-mac?

Definition at line 1478 of file ssl.h.

uint8_t mbedtls_ssl_config::private_endpoint

0: client, 1: server

Definition at line 1468 of file ssl.h.

uint8_t mbedtls_ssl_config::private_extended_ms

negotiate extended master secret?

Definition at line 1481 of file ssl.h.

mbedtls_ssl_async_cancel_t* mbedtls_ssl_config::private_f_async_cancel

cancel asynchronous operation

Definition at line 1609 of file ssl.h.

mbedtls_ssl_async_decrypt_t* mbedtls_ssl_config::private_f_async_decrypt_start

start asynchronous decryption operation

Definition at line 1606 of file ssl.h.

mbedtls_ssl_async_resume_t* mbedtls_ssl_config::private_f_async_resume

resume asynchronous operation

Definition at line 1608 of file ssl.h.

mbedtls_ssl_async_sign_t* mbedtls_ssl_config::private_f_async_sign_start

start asynchronous signature operation

Definition at line 1605 of file ssl.h.

mbedtls_x509_crt_ca_cb_t mbedtls_ssl_config::private_f_ca_cb

Definition at line 1598 of file ssl.h.

mbedtls_ssl_hs_cb_t mbedtls_ssl_config::private_f_cert_cb

certificate selection callback

Definition at line 1721 of file ssl.h.

int(* mbedtls_ssl_config::private_f_cookie_check)(void *, const unsigned char *, size_t, const unsigned char *, size_t)

Callback to verify validity of a ClientHello cookie

Definition at line 1574 of file ssl.h.

int(* mbedtls_ssl_config::private_f_cookie_write)(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)

Callback to create & write a cookie for ClientHello verification

Definition at line 1571 of file ssl.h.

void(* mbedtls_ssl_config::private_f_dbg)(void *, int, const char *, int, const char *)

Callback for printing debug output

Definition at line 1536 of file ssl.h.

mbedtls_ssl_cache_get_t* mbedtls_ssl_config::private_f_get_cache

Callback to retrieve a session from the cache

Definition at line 1544 of file ssl.h.

int(* mbedtls_ssl_config::private_f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t)

Callback to retrieve PSK key from identity

Definition at line 1564 of file ssl.h.

int(* mbedtls_ssl_config::private_f_rng)(void *, unsigned char *, size_t)

Callback for getting (pseudo-)random numbers

Definition at line 1540 of file ssl.h.

mbedtls_ssl_cache_set_t* mbedtls_ssl_config::private_f_set_cache

Callback to store a session into the cache

Definition at line 1546 of file ssl.h.

int(* mbedtls_ssl_config::private_f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t)

Callback for setting cert according to SNI extension

Definition at line 1551 of file ssl.h.

int(* mbedtls_ssl_config::private_f_ticket_parse)(void *, mbedtls_ssl_session *, unsigned char *, size_t)

Callback to parse a session ticket into a session structure

Definition at line 1585 of file ssl.h.

int(* mbedtls_ssl_config::private_f_ticket_write)(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)

Callback to create & write a session ticket

Definition at line 1581 of file ssl.h.

int(* mbedtls_ssl_config::private_f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *)

Callback to customize X.509 certificate chain verification

Definition at line 1557 of file ssl.h.

const uint16_t* mbedtls_ssl_config::private_group_list

allowed IANA NamedGroups

Definition at line 1625 of file ssl.h.

uint32_t mbedtls_ssl_config::private_hs_timeout_max

maximum value of the handshake retransmission timeout (ms)

Definition at line 1697 of file ssl.h.

uint32_t mbedtls_ssl_config::private_hs_timeout_min

initial value of the handshake retransmission timeout (ms)

Definition at line 1695 of file ssl.h.

uint8_t mbedtls_ssl_config::private_ignore_unexpected_cid

Should a DTLS record with an unexpected CID lead to failure?

Definition at line 1514 of file ssl.h.

mbedtls_ssl_key_cert* mbedtls_ssl_config::private_key_cert

own certificate/key pair(s)

Definition at line 1594 of file ssl.h.

uint32_t mbedtls_ssl_config::private_max_early_data_size

Definition at line 1672 of file ssl.h.

mbedtls_ssl_protocol_version mbedtls_ssl_config::private_max_tls_version

max. TLS version used

Definition at line 1459 of file ssl.h.

uint8_t mbedtls_ssl_config::private_mfl_code

desired fragment length indicator (MBEDTLS_SSL_MAX_FRAG_LEN_XXX)

Definition at line 1474 of file ssl.h.

mbedtls_ssl_protocol_version mbedtls_ssl_config::private_min_tls_version

min. TLS version used

Definition at line 1460 of file ssl.h.

uint16_t mbedtls_ssl_config::private_new_session_tickets_count

number of NewSessionTicket

Definition at line 1503 of file ssl.h.

void* mbedtls_ssl_config::private_p_async_config_data

Configuration data set by mbedtls_ssl_conf_async_private_cb().

Definition at line 1610 of file ssl.h.

void* mbedtls_ssl_config::private_p_ca_cb

Definition at line 1599 of file ssl.h.

void* mbedtls_ssl_config::private_p_cache

context for cache callbacks

Definition at line 1547 of file ssl.h.

void* mbedtls_ssl_config::private_p_cookie

context for the cookie callbacks

Definition at line 1576 of file ssl.h.

void* mbedtls_ssl_config::private_p_dbg

context for the debug function

Definition at line 1537 of file ssl.h.

void* mbedtls_ssl_config::private_p_psk

context for PSK callback

Definition at line 1565 of file ssl.h.

void* mbedtls_ssl_config::private_p_rng

context for the RNG function

Definition at line 1541 of file ssl.h.

void* mbedtls_ssl_config::private_p_sni

context for SNI callback

Definition at line 1552 of file ssl.h.

void* mbedtls_ssl_config::private_p_ticket

context for the ticket callbacks

Definition at line 1586 of file ssl.h.

void* mbedtls_ssl_config::private_p_vrfy

context for the X.509 verify callback

Definition at line 1558 of file ssl.h.

unsigned char* mbedtls_ssl_config::private_psk

The raw pre-shared key. This field should only be set via mbedtls_ssl_conf_psk(). If either no PSK or an opaque PSK has been configured, this has value NULL.

Definition at line 1642 of file ssl.h.

unsigned char* mbedtls_ssl_config::private_psk_identity

The PSK identity for PSK negotiation. This field should only be set via mbedtls_ssl_conf_psk(). This is set if and only if either psk or psk_opaque are set.

Definition at line 1652 of file ssl.h.

size_t mbedtls_ssl_config::private_psk_identity_len

The length of PSK identity. This field should only be set via mbedtls_ssl_conf_psk(). Its value is non-zero if and only if psk is not NULL or psk_opaque is not 0.

Definition at line 1657 of file ssl.h.

size_t mbedtls_ssl_config::private_psk_len

The length of the raw pre-shared key. This field should only be set via mbedtls_ssl_conf_psk(). Its value is non-zero if and only if psk is not NULL.

Definition at line 1646 of file ssl.h.

mbedtls_svc_key_id_t mbedtls_ssl_config::private_psk_opaque

PSA key slot holding the opaque PSK. This field should only be set via mbedtls_ssl_conf_psk_opaque(). If either no PSK or a raw PSK has been configured, this has value 0.

Definition at line 1635 of file ssl.h.

uint32_t mbedtls_ssl_config::private_read_timeout

timeout for mbedtls_ssl_read (ms)

Definition at line 1692 of file ssl.h.

int mbedtls_ssl_config::private_renego_max_records

grace period for renegotiation

Definition at line 1702 of file ssl.h.

unsigned char mbedtls_ssl_config::private_renego_period[8]

value of the record counters that triggers renegotiation

Definition at line 1703 of file ssl.h.

uint8_t mbedtls_ssl_config::private_respect_cli_pref

pick the ciphersuite according to the client's preferences rather than ours?

Definition at line 1509 of file ssl.h.

uint8_t mbedtls_ssl_config::private_session_tickets

Encodes two booleans: one stating whether TLS 1.2 session tickets are enabled or not, the other whether the handling of TLS 1.3 NewSessionTicket messages is enabled or not. They are respectively set by mbedtls_ssl_conf_session_tickets() and mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(). Use session tickets?

Definition at line 1497 of file ssl.h.

const uint16_t* mbedtls_ssl_config::private_sig_algs

allowed signature algorithms

Definition at line 1618 of file ssl.h.

int mbedtls_ssl_config::private_tls13_kex_modes

Allowed TLS 1.3 key exchange modes.

Definition at line 1532 of file ssl.h.

uint8_t mbedtls_ssl_config::private_transport

0: stream (TLS), 1: datagram (DTLS)

Definition at line 1469 of file ssl.h.

mbedtls_ssl_user_data_t mbedtls_ssl_config::private_user_data

User data pointer or handle.

The library sets this to 0 when creating a context and does not access it afterwards.

Definition at line 1718 of file ssl.h.

