Mbed TLS v2.28.10
mbedtls_ssl_config Struct Reference

#include <ssl.h>


Data Fields

unsigned char max_major_ver
 
unsigned char max_minor_ver
 
unsigned char min_major_ver
 
unsigned char min_minor_ver
 
uint8_t endpoint
 
uint8_t transport
 
uint8_t authmode
 
uint8_t allow_legacy_renegotiation
 
uint8_t arc4_disabled
 
uint8_t mfl_code
 
uint8_t encrypt_then_mac
 
uint8_t extended_ms
 
uint8_t anti_replay
 
uint8_t cbc_record_splitting
 
uint8_t disable_renegotiation
 
uint8_t trunc_hmac
 
uint8_t session_tickets
 
uint8_t fallback
 
uint8_t cert_req_ca_list
 
uint8_t dtls_srtp_mki_support
 
uint32_t read_timeout
 
uint32_t hs_timeout_min
 
uint32_t hs_timeout_max
 
int renego_max_records
 
unsigned char renego_period [8]
 
unsigned int badmac_limit
 
unsigned int dhm_min_bitlen
 
const int * ciphersuite_list [4]
 
void(* f_dbg )(void *, int, const char *, int, const char *)
 
void * p_dbg
 
int(* f_rng )(void *, unsigned char *, size_t)
 
void * p_rng
 
int(* f_get_cache )(void *, mbedtls_ssl_session *)
 
int(* f_set_cache )(void *, const mbedtls_ssl_session *)
 
void * p_cache
 
int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
 
void * p_sni
 
int(* f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *)
 
void * p_vrfy
 
int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
 
void * p_psk
 
int(* f_cookie_write )(void *, unsigned char **, unsigned char *, const unsigned char *, size_t)
 
int(* f_cookie_check )(void *, const unsigned char *, size_t, const unsigned char *, size_t)
 
void * p_cookie
 
int(* f_ticket_write )(void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)
 
int(* f_ticket_parse )(void *, mbedtls_ssl_session *, unsigned char *, size_t)
 
void * p_ticket
 
int(* f_export_keys )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t)
 
int(* f_export_keys_ext )(void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t, const unsigned char[32], const unsigned char[32], mbedtls_tls_prf_types)
 
void * p_export_keys
 
const mbedtls_x509_crt_profile * cert_profile
 
mbedtls_ssl_key_cert * key_cert
 
mbedtls_x509_crt * ca_chain
 
mbedtls_x509_crl * ca_crl
 
const int * sig_hashes
 
const mbedtls_ecp_group_id * curve_list
 
mbedtls_mpi dhm_P
 
mbedtls_mpi dhm_G
 
unsigned char * psk
 
size_t psk_len
 
unsigned char * psk_identity
 
size_t psk_identity_len
 
const char ** alpn_list
 
const mbedtls_ssl_srtp_profile * dtls_srtp_profile_list
 
size_t dtls_srtp_profile_list_len
 

Detailed Description

SSL/TLS configuration to be shared between mbedtls_ssl_context structures.

Definition at line 1044 of file ssl.h.

Field Documentation

uint8_t mbedtls_ssl_config::allow_legacy_renegotiation

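MBEDTLS_LEGACY_XXX: legacy renegotiation policy, i.e. how to treat a peer that does not support secure renegotiation (the constants are spelled MBEDTLS_SSL_LEGACY_*)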

Definition at line 1066 of file ssl.h.

const char** mbedtls_ssl_config::alpn_list

ordered list of protocols

Definition at line 1281 of file ssl.h.

uint8_t mbedtls_ssl_config::anti_replay

detect and prevent replay?

Definition at line 1080 of file ssl.h.

uint8_t mbedtls_ssl_config::arc4_disabled

blacklist RC4 ciphersuites?

Definition at line 1068 of file ssl.h.

uint8_t mbedtls_ssl_config::authmode

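MBEDTLS_SSL_VERIFY_XXX: peer certificate verification mode (MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_REQUIRED). Only MBEDTLS_SSL_VERIFY_REQUIRED aborts the handshake when verification of the peer certificate fails.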

Definition at line 1064 of file ssl.h.

unsigned int mbedtls_ssl_config::badmac_limit

limit of records with a bad MAC

Definition at line 1131 of file ssl.h.

mbedtls_x509_crt* mbedtls_ssl_config::ca_chain

trusted CAs

Definition at line 1215 of file ssl.h.

mbedtls_x509_crl* mbedtls_ssl_config::ca_crl

CRLs for the trusted CAs

Definition at line 1216 of file ssl.h.

uint8_t mbedtls_ssl_config::cbc_record_splitting

do CBC record splitting?

Definition at line 1083 of file ssl.h.

const mbedtls_x509_crt_profile* mbedtls_ssl_config::cert_profile

verification profile

Definition at line 1213 of file ssl.h.

uint8_t mbedtls_ssl_config::cert_req_ca_list

enable sending CA list in Certificate Request messages?

Definition at line 1098 of file ssl.h.

const int* mbedtls_ssl_config::ciphersuite_list[4]

allowed ciphersuites per version

Definition at line 1142 of file ssl.h.

const mbedtls_ecp_group_id* mbedtls_ssl_config::curve_list

allowed curves

Definition at line 1238 of file ssl.h.

mbedtls_mpi mbedtls_ssl_config::dhm_G

generator for DHM

Definition at line 1243 of file ssl.h.

unsigned int mbedtls_ssl_config::dhm_min_bitlen

min. bit length of the DHM prime

Definition at line 1135 of file ssl.h.

mbedtls_mpi mbedtls_ssl_config::dhm_P

prime modulus for DHM

Definition at line 1242 of file ssl.h.

uint8_t mbedtls_ssl_config::disable_renegotiation

disable renegotiation?

Definition at line 1086 of file ssl.h.

uint8_t mbedtls_ssl_config::dtls_srtp_mki_support

support having mki_value in the use_srtp extension?

Definition at line 1107 of file ssl.h.

const mbedtls_ssl_srtp_profile* mbedtls_ssl_config::dtls_srtp_profile_list

ordered list of supported SRTP profiles

Definition at line 1286 of file ssl.h.

size_t mbedtls_ssl_config::dtls_srtp_profile_list_len

number of supported profiles

Definition at line 1288 of file ssl.h.

uint8_t mbedtls_ssl_config::encrypt_then_mac

negotiate encrypt-then-mac?

Definition at line 1074 of file ssl.h.

uint8_t mbedtls_ssl_config::endpoint

0: client, 1: server

Definition at line 1062 of file ssl.h.

uint8_t mbedtls_ssl_config::extended_ms

negotiate extended master secret?

Definition at line 1077 of file ssl.h.

int(* mbedtls_ssl_config::f_cookie_check) (void *, const unsigned char *, size_t, const unsigned char *, size_t)

Callback to verify validity of a ClientHello cookie

Definition at line 1181 of file ssl.h.

int(* mbedtls_ssl_config::f_cookie_write) (void *, unsigned char **, unsigned char *, const unsigned char *, size_t)

Callback to create & write a cookie for ClientHello verification

Definition at line 1178 of file ssl.h.

void(* mbedtls_ssl_config::f_dbg) (void *, int, const char *, int, const char *)

Callback for printing debug output

Definition at line 1145 of file ssl.h.

int(* mbedtls_ssl_config::f_export_keys) (void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t)

Callback to export key block and master secret

Definition at line 1197 of file ssl.h.

int(* mbedtls_ssl_config::f_export_keys_ext) (void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t, const unsigned char[32], const unsigned char[32], mbedtls_tls_prf_types)

Callback to export key block, master secret, tls_prf and random bytes. Should replace f_export_keys

Definition at line 1201 of file ssl.h.

int(* mbedtls_ssl_config::f_get_cache) (void *, mbedtls_ssl_session *)

Callback to retrieve a session from the cache

Definition at line 1153 of file ssl.h.

int(* mbedtls_ssl_config::f_psk) (void *, mbedtls_ssl_context *, const unsigned char *, size_t)

Callback to retrieve PSK key from identity

Definition at line 1172 of file ssl.h.

int(* mbedtls_ssl_config::f_rng) (void *, unsigned char *, size_t)

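Callback for getting (pseudo-)random numbers. Its output is used for handshake randoms and key material, so the source must be cryptographically secure.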

Definition at line 1149 of file ssl.h.

int(* mbedtls_ssl_config::f_set_cache) (void *, const mbedtls_ssl_session *)

Callback to store a session into the cache

Definition at line 1155 of file ssl.h.

int(* mbedtls_ssl_config::f_sni) (void *, mbedtls_ssl_context *, const unsigned char *, size_t)

Callback for setting cert according to SNI extension

Definition at line 1160 of file ssl.h.

int(* mbedtls_ssl_config::f_ticket_parse) (void *, mbedtls_ssl_session *, unsigned char *, size_t)

Callback to parse a session ticket into a session structure

Definition at line 1191 of file ssl.h.

int(* mbedtls_ssl_config::f_ticket_write) (void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t *)

Callback to create & write a session ticket

Definition at line 1188 of file ssl.h.

int(* mbedtls_ssl_config::f_vrfy) (void *, mbedtls_x509_crt *, int, uint32_t *)

Callback to customize X.509 certificate chain verification

Definition at line 1166 of file ssl.h.

uint8_t mbedtls_ssl_config::fallback

is this a fallback?

Definition at line 1095 of file ssl.h.

uint32_t mbedtls_ssl_config::hs_timeout_max

maximum value of the handshake retransmission timeout (ms)

Definition at line 1120 of file ssl.h.

uint32_t mbedtls_ssl_config::hs_timeout_min

initial value of the handshake retransmission timeout (ms)

Definition at line 1118 of file ssl.h.

mbedtls_ssl_key_cert* mbedtls_ssl_config::key_cert

own certificate/key pair(s)

Definition at line 1214 of file ssl.h.

unsigned char mbedtls_ssl_config::max_major_ver

max. major version used

Definition at line 1051 of file ssl.h.

unsigned char mbedtls_ssl_config::max_minor_ver

max. minor version used

Definition at line 1052 of file ssl.h.

uint8_t mbedtls_ssl_config::mfl_code

desired fragment length

Definition at line 1071 of file ssl.h.

unsigned char mbedtls_ssl_config::min_major_ver

min. major version used

Definition at line 1053 of file ssl.h.

unsigned char mbedtls_ssl_config::min_minor_ver

min. minor version used

Definition at line 1054 of file ssl.h.

void* mbedtls_ssl_config::p_cache

context for cache callbacks

Definition at line 1156 of file ssl.h.

void* mbedtls_ssl_config::p_cookie

context for the cookie callbacks

Definition at line 1183 of file ssl.h.

void* mbedtls_ssl_config::p_dbg

context for the debug function

Definition at line 1146 of file ssl.h.

void* mbedtls_ssl_config::p_export_keys

context for key export callback

Definition at line 1205 of file ssl.h.

void* mbedtls_ssl_config::p_psk

context for PSK callback

Definition at line 1173 of file ssl.h.

void* mbedtls_ssl_config::p_rng

context for the RNG function

Definition at line 1150 of file ssl.h.

void* mbedtls_ssl_config::p_sni

context for SNI callback

Definition at line 1161 of file ssl.h.

void* mbedtls_ssl_config::p_ticket

context for the ticket callbacks

Definition at line 1192 of file ssl.h.

void* mbedtls_ssl_config::p_vrfy

context for X.509 verify callback

Definition at line 1167 of file ssl.h.

unsigned char* mbedtls_ssl_config::psk

The raw pre-shared key. This field should only be set via mbedtls_ssl_conf_psk(). If either no PSK or an opaque PSK has been configured, this has value NULL.

Definition at line 1257 of file ssl.h.

unsigned char* mbedtls_ssl_config::psk_identity

The PSK identity for PSK negotiation. This field should only be set via mbedtls_ssl_conf_psk(). This is set if and only if either psk or psk_opaque is set.

Definition at line 1267 of file ssl.h.

size_t mbedtls_ssl_config::psk_identity_len

The length of the PSK identity. This field should only be set via mbedtls_ssl_conf_psk(). Its value is non-zero if and only if psk is not NULL or psk_opaque is not 0.

Definition at line 1272 of file ssl.h.

size_t mbedtls_ssl_config::psk_len

The length of the raw pre-shared key. This field should only be set via mbedtls_ssl_conf_psk(). Its value is non-zero if and only if psk is not NULL.

Definition at line 1261 of file ssl.h.

uint32_t mbedtls_ssl_config::read_timeout

timeout for mbedtls_ssl_read (ms)

Definition at line 1115 of file ssl.h.

int mbedtls_ssl_config::renego_max_records

grace period for renegotiation

Definition at line 1125 of file ssl.h.

unsigned char mbedtls_ssl_config::renego_period[8]

value of the record counters that triggers renegotiation

Definition at line 1126 of file ssl.h.

uint8_t mbedtls_ssl_config::session_tickets

use session tickets?

Definition at line 1092 of file ssl.h.

const int* mbedtls_ssl_config::sig_hashes

allowed signature hashes

Definition at line 1234 of file ssl.h.

uint8_t mbedtls_ssl_config::transport

stream (TLS) or datagram (DTLS)

Definition at line 1063 of file ssl.h.

uint8_t mbedtls_ssl_config::trunc_hmac

negotiate truncated hmac?

Definition at line 1089 of file ssl.h.


The documentation for this struct was generated from the following file: