Mbed TLS v3.6.0
mbedtls_ssl_config Struct Reference

#include <ssl.h>


Data Fields

mbedtls_ssl_protocol_version private_max_tls_version
 
mbedtls_ssl_protocol_version private_min_tls_version
 
uint8_t private_endpoint
 
uint8_t private_transport
 
uint8_t private_authmode
 
uint8_t private_allow_legacy_renegotiation
 
uint8_t private_mfl_code
 
uint8_t private_encrypt_then_mac
 
uint8_t private_extended_ms
 
uint8_t private_anti_replay
 
uint8_t private_disable_renegotiation
 
uint8_t private_session_tickets
 
uint16_t private_new_session_tickets_count
 
uint8_t private_cert_req_ca_list
 
uint8_t private_respect_cli_pref
 
uint8_t private_ignore_unexpected_cid
 
uint8_t private_dtls_srtp_mki_support
 
const int * private_ciphersuite_list
 
int private_tls13_kex_modes
 
void(* private_f_dbg )(void *, int, const char *, int, const char *)
 
void * private_p_dbg
 
int(* private_f_rng )(void *, unsigned char *, size_t)
 
void * private_p_rng
 
mbedtls_ssl_cache_get_t * private_f_get_cache
 
mbedtls_ssl_cache_set_t * private_f_set_cache
 
void * private_p_cache
 
int(* private_f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
 
void * private_p_sni
 
int(* private_f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *)
 
void * private_p_vrfy
 
int(* private_f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
 
void * private_p_psk
 
int(* private_f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)
 
int(* private_f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t)
 
void * private_p_cookie
 
int(* private_f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)
 
int(* private_f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t)
 
void * private_p_ticket
 
size_t private_cid_len
 
const mbedtls_x509_crt_profile * private_cert_profile
 
mbedtls_ssl_key_cert * private_key_cert
 
mbedtls_x509_crt * private_ca_chain
 
mbedtls_x509_crl * private_ca_crl
 
mbedtls_x509_crt_ca_cb_t private_f_ca_cb
 
void * private_p_ca_cb
 
mbedtls_ssl_async_sign_t * private_f_async_sign_start
 
mbedtls_ssl_async_decrypt_t * private_f_async_decrypt_start
 
mbedtls_ssl_async_resume_t * private_f_async_resume
 
mbedtls_ssl_async_cancel_t * private_f_async_cancel
 
void * private_p_async_config_data
 
const uint16_t * private_sig_algs
 
const uint16_t * private_group_list
 
mbedtls_mpi private_dhm_P
 
mbedtls_mpi private_dhm_G
 
mbedtls_svc_key_id_t private_psk_opaque
 
unsigned char * private_psk
 
size_t private_psk_len
 
unsigned char * private_psk_identity
 
size_t private_psk_identity_len
 
int private_early_data_enabled
 
uint32_t private_max_early_data_size
 
const char ** private_alpn_list
 
const mbedtls_ssl_srtp_profile * private_dtls_srtp_profile_list
 
size_t private_dtls_srtp_profile_list_len
 
uint32_t private_read_timeout
 
uint32_t private_hs_timeout_min
 
uint32_t private_hs_timeout_max
 
int private_renego_max_records
 
unsigned char private_renego_period [8]
 
unsigned int private_badmac_limit
 
unsigned int private_dhm_min_bitlen
 
mbedtls_ssl_user_data_t private_user_data
 
mbedtls_ssl_hs_cb_t private_f_cert_cb
 
const mbedtls_x509_crt * private_dn_hints
 

Detailed Description

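SSL/TLS configuration to be shared between mbedtls_ssl_context structures. The fields are private (hence the private_ prefix) and are meant to be set through the mbedtls_ssl_conf_xxx() functions, not written directly.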

Definition at line 1417 of file ssl.h.

Field Documentation

uint8_t mbedtls_ssl_config::private_allow_legacy_renegotiation

Legacy renegotiation policy: one of the MBEDTLS_SSL_LEGACY_XXX values.

Definition at line 1436 of file ssl.h.

const char** mbedtls_ssl_config::private_alpn_list

ordered list of protocols

Definition at line 1636 of file ssl.h.

uint8_t mbedtls_ssl_config::private_anti_replay

detect and prevent replay?

Definition at line 1448 of file ssl.h.

uint8_t mbedtls_ssl_config::private_authmode

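Certificate verification mode: one of the MBEDTLS_SSL_VERIFY_XXX values. With MBEDTLS_SSL_VERIFY_NONE the peer certificate is not checked, and with MBEDTLS_SSL_VERIFY_OPTIONAL the handshake continues even if verification fails, so the application must check the verification result itself.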

Definition at line 1434 of file ssl.h.

unsigned int mbedtls_ssl_config::private_badmac_limit

limit of records with a bad MAC

Definition at line 1665 of file ssl.h.

mbedtls_x509_crt* mbedtls_ssl_config::private_ca_chain

trusted CAs

Definition at line 1553 of file ssl.h.

mbedtls_x509_crl* mbedtls_ssl_config::private_ca_crl

CRLs for the trusted CAs

Definition at line 1554 of file ssl.h.

const mbedtls_x509_crt_profile* mbedtls_ssl_config::private_cert_profile

verification profile

Definition at line 1551 of file ssl.h.

uint8_t mbedtls_ssl_config::private_cert_req_ca_list

enable sending CA list in Certificate Request messages?

Definition at line 1465 of file ssl.h.

size_t mbedtls_ssl_config::private_cid_len

The length of CIDs for incoming DTLS records.

Definition at line 1547 of file ssl.h.

const int* mbedtls_ssl_config::private_ciphersuite_list

Allowed ciphersuites for (D)TLS 1.2 (0-terminated)

Definition at line 1486 of file ssl.h.

mbedtls_mpi mbedtls_ssl_config::private_dhm_G

generator for DHM

Definition at line 1587 of file ssl.h.

unsigned int mbedtls_ssl_config::private_dhm_min_bitlen

min. bit length of the DHM prime

Definition at line 1668 of file ssl.h.

mbedtls_mpi mbedtls_ssl_config::private_dhm_P

prime modulus for DHM

Definition at line 1586 of file ssl.h.

uint8_t mbedtls_ssl_config::private_disable_renegotiation

disable renegotiation?

Definition at line 1451 of file ssl.h.

const mbedtls_x509_crt* mbedtls_ssl_config::private_dn_hints

acceptable client cert issuers

Definition at line 1683 of file ssl.h.

uint8_t mbedtls_ssl_config::private_dtls_srtp_mki_support

Definition at line 1477 of file ssl.h.

const mbedtls_ssl_srtp_profile* mbedtls_ssl_config::private_dtls_srtp_profile_list

ordered list of supported SRTP profiles

Definition at line 1641 of file ssl.h.

size_t mbedtls_ssl_config::private_dtls_srtp_profile_list_len

number of supported profiles

Definition at line 1643 of file ssl.h.

int mbedtls_ssl_config::private_early_data_enabled

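Early data (TLS 1.3 0-RTT) enablement. Early data is not protected against replay by the protocol, so enable it only where the application tolerates replayed requests. One of: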

  • MBEDTLS_SSL_EARLY_DATA_DISABLED,
  • MBEDTLS_SSL_EARLY_DATA_ENABLED

Definition at line 1624 of file ssl.h.

uint8_t mbedtls_ssl_config::private_encrypt_then_mac

negotiate encrypt-then-mac?

Definition at line 1442 of file ssl.h.

uint8_t mbedtls_ssl_config::private_endpoint

0: client, 1: server

Definition at line 1432 of file ssl.h.

uint8_t mbedtls_ssl_config::private_extended_ms

negotiate extended master secret?

Definition at line 1445 of file ssl.h.

mbedtls_ssl_async_cancel_t* mbedtls_ssl_config::private_f_async_cancel

cancel asynchronous operation

Definition at line 1567 of file ssl.h.

mbedtls_ssl_async_decrypt_t* mbedtls_ssl_config::private_f_async_decrypt_start

start asynchronous decryption operation

Definition at line 1564 of file ssl.h.

mbedtls_ssl_async_resume_t* mbedtls_ssl_config::private_f_async_resume

resume asynchronous operation

Definition at line 1566 of file ssl.h.

mbedtls_ssl_async_sign_t* mbedtls_ssl_config::private_f_async_sign_start

start asynchronous signature operation

Definition at line 1563 of file ssl.h.

mbedtls_x509_crt_ca_cb_t mbedtls_ssl_config::private_f_ca_cb

Definition at line 1556 of file ssl.h.

mbedtls_ssl_hs_cb_t mbedtls_ssl_config::private_f_cert_cb

certificate selection callback

Definition at line 1679 of file ssl.h.

int(* mbedtls_ssl_config::private_f_cookie_check)(void *, const unsigned char *, size_t, const unsigned char *, size_t)

Callback to verify validity of a ClientHello cookie

Definition at line 1532 of file ssl.h.

int(* mbedtls_ssl_config::private_f_cookie_write)(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)

Callback to create & write a cookie for ClientHello verification

Definition at line 1529 of file ssl.h.

void(* mbedtls_ssl_config::private_f_dbg)(void *, int, const char *, int, const char *)

Callback for printing debug output

Definition at line 1494 of file ssl.h.

mbedtls_ssl_cache_get_t* mbedtls_ssl_config::private_f_get_cache

Callback to retrieve a session from the cache

Definition at line 1502 of file ssl.h.

int(* mbedtls_ssl_config::private_f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t)

Callback to retrieve PSK key from identity

Definition at line 1522 of file ssl.h.

int(* mbedtls_ssl_config::private_f_rng)(void *, unsigned char *, size_t)

Callback for getting (pseudo-)random numbers. The handshake's secrets depend on its output, so it must be a cryptographically secure generator.

Definition at line 1498 of file ssl.h.

mbedtls_ssl_cache_set_t* mbedtls_ssl_config::private_f_set_cache

Callback to store a session into the cache

Definition at line 1504 of file ssl.h.

int(* mbedtls_ssl_config::private_f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t)

Callback for setting cert according to SNI extension

Definition at line 1509 of file ssl.h.

int(* mbedtls_ssl_config::private_f_ticket_parse)(void *, mbedtls_ssl_session *, unsigned char *, size_t)

Callback to parse a session ticket into a session structure

Definition at line 1543 of file ssl.h.

int(* mbedtls_ssl_config::private_f_ticket_write)(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)

Callback to create & write a session ticket

Definition at line 1539 of file ssl.h.

int(* mbedtls_ssl_config::private_f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *)

Callback to customize X.509 certificate chain verification

Definition at line 1515 of file ssl.h.

const uint16_t* mbedtls_ssl_config::private_group_list

allowed IANA NamedGroups

Definition at line 1583 of file ssl.h.

uint32_t mbedtls_ssl_config::private_hs_timeout_max

maximum value of the handshake retransmission timeout (ms)

Definition at line 1655 of file ssl.h.

uint32_t mbedtls_ssl_config::private_hs_timeout_min

initial value of the handshake retransmission timeout (ms)

Definition at line 1653 of file ssl.h.

uint8_t mbedtls_ssl_config::private_ignore_unexpected_cid

Should a DTLS record with an unexpected CID lead to failure?

Definition at line 1472 of file ssl.h.

mbedtls_ssl_key_cert* mbedtls_ssl_config::private_key_cert

own certificate/key pair(s)

Definition at line 1552 of file ssl.h.

uint32_t mbedtls_ssl_config::private_max_early_data_size

Definition at line 1630 of file ssl.h.

mbedtls_ssl_protocol_version mbedtls_ssl_config::private_max_tls_version

max. TLS version used

Definition at line 1423 of file ssl.h.

uint8_t mbedtls_ssl_config::private_mfl_code

desired fragment length indicator (MBEDTLS_SSL_MAX_FRAG_LEN_XXX)

Definition at line 1438 of file ssl.h.

mbedtls_ssl_protocol_version mbedtls_ssl_config::private_min_tls_version

min. TLS version used

Definition at line 1424 of file ssl.h.

uint16_t mbedtls_ssl_config::private_new_session_tickets_count

number of NewSessionTicket messages

Definition at line 1461 of file ssl.h.

void* mbedtls_ssl_config::private_p_async_config_data

Configuration data set by mbedtls_ssl_conf_async_private_cb().

Definition at line 1568 of file ssl.h.

void* mbedtls_ssl_config::private_p_ca_cb

Definition at line 1557 of file ssl.h.

void* mbedtls_ssl_config::private_p_cache

context for cache callbacks

Definition at line 1505 of file ssl.h.

void* mbedtls_ssl_config::private_p_cookie

context for the cookie callbacks

Definition at line 1534 of file ssl.h.

void* mbedtls_ssl_config::private_p_dbg

context for the debug function

Definition at line 1495 of file ssl.h.

void* mbedtls_ssl_config::private_p_psk

context for PSK callback

Definition at line 1523 of file ssl.h.

void* mbedtls_ssl_config::private_p_rng

context for the RNG function

Definition at line 1499 of file ssl.h.

void* mbedtls_ssl_config::private_p_sni

context for SNI callback

Definition at line 1510 of file ssl.h.

void* mbedtls_ssl_config::private_p_ticket

context for the ticket callbacks

Definition at line 1544 of file ssl.h.

void* mbedtls_ssl_config::private_p_vrfy

context for X.509 verify callback

Definition at line 1516 of file ssl.h.

unsigned char* mbedtls_ssl_config::private_psk

The raw pre-shared key. This field should only be set via mbedtls_ssl_conf_psk(). If either no PSK or an opaque PSK has been configured, this has value NULL.

Definition at line 1600 of file ssl.h.

unsigned char* mbedtls_ssl_config::private_psk_identity

The PSK identity for PSK negotiation. This field should only be set via mbedtls_ssl_conf_psk(). This is set if and only if either psk or psk_opaque is set.

Definition at line 1610 of file ssl.h.

size_t mbedtls_ssl_config::private_psk_identity_len

The length of PSK identity. This field should only be set via mbedtls_ssl_conf_psk(). Its value is non-zero if and only if psk is not NULL or psk_opaque is not 0.

Definition at line 1615 of file ssl.h.

size_t mbedtls_ssl_config::private_psk_len

The length of the raw pre-shared key. This field should only be set via mbedtls_ssl_conf_psk(). Its value is non-zero if and only if psk is not NULL.

Definition at line 1604 of file ssl.h.

mbedtls_svc_key_id_t mbedtls_ssl_config::private_psk_opaque

PSA key slot holding opaque PSK. This field should only be set via mbedtls_ssl_conf_psk_opaque(). If either no PSK or a raw PSK has been configured, this has value 0.

Definition at line 1593 of file ssl.h.

uint32_t mbedtls_ssl_config::private_read_timeout

timeout for mbedtls_ssl_read (ms)

Definition at line 1650 of file ssl.h.

int mbedtls_ssl_config::private_renego_max_records

grace period for renegotiation

Definition at line 1660 of file ssl.h.

unsigned char mbedtls_ssl_config::private_renego_period[8]

value of the record counters that triggers renegotiation

Definition at line 1661 of file ssl.h.

uint8_t mbedtls_ssl_config::private_respect_cli_pref

pick the ciphersuite according to the client's preferences rather than ours?

Definition at line 1467 of file ssl.h.

uint8_t mbedtls_ssl_config::private_session_tickets

use session tickets?

Definition at line 1455 of file ssl.h.

const uint16_t* mbedtls_ssl_config::private_sig_algs

allowed signature algorithms

Definition at line 1576 of file ssl.h.

int mbedtls_ssl_config::private_tls13_kex_modes

Allowed TLS 1.3 key exchange modes.

Definition at line 1490 of file ssl.h.

uint8_t mbedtls_ssl_config::private_transport

0: stream (TLS), 1: datagram (DTLS)

Definition at line 1433 of file ssl.h.

mbedtls_ssl_user_data_t mbedtls_ssl_config::private_user_data

User data pointer or handle.

The library sets this to 0 when creating a context and does not access it afterwards.

Definition at line 1676 of file ssl.h.


The documentation for this struct was generated from the following file: