bc10e641c51f0b717a56f554b5c8551fdecd60ea
4 * \brief Configuration options (set of defines)
6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7 * SPDX-License-Identifier: Apache-2.0
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * This file is part of mbed TLS (https://tls.mbed.org)
25 * This set of compile-time options may be used to enable
26 * or disable features selectively, and reduce the global
29 #ifndef MBEDTLS_CONFIG_H
30 #define MBEDTLS_CONFIG_H
33 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
34 #define _CRT_SECURE_NO_DEPRECATE 1
39 * \name SECTION: System support
41 * This section sets system specific settings.
46 * \def MBEDTLS_HAVE_ASM
48 * The compiler has support for asm().
50 * Requires support for asm() in compiler.
55 * include/mbedtls/bn_mul.h
57 * Comment to disable the use of assembly code.
59 #define MBEDTLS_HAVE_ASM
62 * \def MBEDTLS_HAVE_SSE2
64 * CPU supports SSE2 instruction set.
66 * Uncomment if the CPU supports SSE2 (IA-32 specific).
68 #define MBEDTLS_HAVE_SSE2 /* swyter: disable this if you want to support platforms < Pentium 4 */
71 * \def MBEDTLS_HAVE_TIME
73 * System has time.h and time().
74 * The time does not need to be correct, only time differences are used,
75 * by contrast with MBEDTLS_HAVE_TIME_DATE
77 * Comment if your system does not support time functions
79 #define MBEDTLS_HAVE_TIME
82 * \def MBEDTLS_HAVE_TIME_DATE
84 * System has time.h and time(), gmtime() and the clock is correct.
85 * The time needs to be correct (not necesarily very accurate, but at least
86 * the date should be correct). This is used to verify the validity period of
89 * Comment if your system does not have a correct clock.
91 #define MBEDTLS_HAVE_TIME_DATE
94 * \def MBEDTLS_PLATFORM_MEMORY
96 * Enable the memory allocation layer.
98 * By default mbed TLS uses the system-provided calloc() and free().
99 * This allows different allocators (self-implemented or provided) to be
100 * provided to the platform abstraction layer.
102 * Enabling MBEDTLS_PLATFORM_MEMORY without the
103 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
104 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
105 * free() function pointer at runtime.
107 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
108 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
109 * alternate function at compile time.
111 * Requires: MBEDTLS_PLATFORM_C
113 * Enable this layer to allow use of alternative memory allocators.
115 //#define MBEDTLS_PLATFORM_MEMORY
118 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
120 * Do not assign standard functions in the platform layer (e.g. calloc() to
121 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
123 * This makes sure there are no linking errors on platforms that do not support
124 * these functions. You will HAVE to provide alternatives, either at runtime
125 * via the platform_set_xxx() functions or at compile time by setting
126 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
127 * MBEDTLS_PLATFORM_XXX_MACRO.
129 * Requires: MBEDTLS_PLATFORM_C
131 * Uncomment to prevent default assignment of standard functions in the
134 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
137 * \def MBEDTLS_PLATFORM_XXX_ALT
139 * Uncomment a macro to let mbed TLS support the function in the platform
142 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
143 * provide a function "mbedtls_platform_set_printf()" that allows you to set an
144 * alternative printf function pointer.
146 * All these define require MBEDTLS_PLATFORM_C to be defined!
148 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
149 * it will be enabled automatically by check_config.h
151 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
152 * MBEDTLS_PLATFORM_XXX_MACRO!
154 * Uncomment a macro to enable alternate implementation of specific base
157 //#define MBEDTLS_PLATFORM_EXIT_ALT
158 //#define MBEDTLS_PLATFORM_FPRINTF_ALT
159 //#define MBEDTLS_PLATFORM_PRINTF_ALT
160 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT
163 * \def MBEDTLS_DEPRECATED_WARNING
165 * Mark deprecated functions so that they generate a warning if used.
166 * Functions deprecated in one version will usually be removed in the next
167 * version. You can enable this to help you prepare the transition to a new
168 * major version by making sure your code is not using these functions.
170 * This only works with GCC and Clang. With other compilers, you may want to
171 * use MBEDTLS_DEPRECATED_REMOVED
173 * Uncomment to get warnings on using deprecated functions.
175 //#define MBEDTLS_DEPRECATED_WARNING
178 * \def MBEDTLS_DEPRECATED_REMOVED
180 * Remove deprecated functions so that they generate an error if used.
181 * Functions deprecated in one version will usually be removed in the next
182 * version. You can enable this to help you prepare the transition to a new
183 * major version by making sure your code is not using these functions.
185 * Uncomment to get errors on using deprecated functions.
187 #define MBEDTLS_DEPRECATED_REMOVED /* swyter: we are explictily using the new API set */
189 /* \} name SECTION: System support */
192 * \name SECTION: mbed TLS feature support
194 * This section sets support for features that are or are not needed
195 * within the modules that are enabled.
200 * \def MBEDTLS_TIMING_ALT
202 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
203 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
205 * Only works if you have MBEDTLS_TIMING_C enabled.
207 * You will need to provide a header "timing_alt.h" and an implementation at
210 //#define MBEDTLS_TIMING_ALT
213 * \def MBEDTLS__MODULE_NAME__ALT
215 * Uncomment a macro to let mbed TLS use your alternate core implementation of
216 * a symmetric crypto or hash module (e.g. platform specific assembly
217 * optimized implementations). Keep in mind that the function prototypes
218 * should remain the same.
220 * This replaces the whole module. If you only want to replace one of the
221 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
223 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
224 * provide the "struct mbedtls_aes_context" definition and omit the base function
225 * declarations and implementations. "aes_alt.h" will be included from
226 * "aes.h" to include the new function definitions.
228 * Uncomment a macro to enable alternate implementation of the corresponding
231 //#define MBEDTLS_AES_ALT
232 //#define MBEDTLS_ARC4_ALT
233 //#define MBEDTLS_BLOWFISH_ALT
234 //#define MBEDTLS_CAMELLIA_ALT
235 //#define MBEDTLS_DES_ALT
236 //#define MBEDTLS_XTEA_ALT
237 //#define MBEDTLS_MD2_ALT
238 //#define MBEDTLS_MD4_ALT
239 //#define MBEDTLS_MD5_ALT
240 //#define MBEDTLS_RIPEMD160_ALT
241 //#define MBEDTLS_SHA1_ALT
242 //#define MBEDTLS_SHA256_ALT
243 //#define MBEDTLS_SHA512_ALT
246 * \def MBEDTLS__FUNCTION_NAME__ALT
248 * Uncomment a macro to let mbed TLS use you alternate core implementation of
249 * symmetric crypto or hash function. Keep in mind that function prototypes
250 * should remain the same.
252 * This replaces only one function. The header file from mbed TLS is still
253 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
255 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
256 * no longer provide the mbedtls_sha1_process() function, but it will still provide
257 * the other function (using your mbedtls_sha1_process() function) and the definition
258 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
259 * with this definition.
261 * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set
262 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
265 * Uncomment a macro to enable alternate implementation of the corresponding
268 //#define MBEDTLS_MD2_PROCESS_ALT
269 //#define MBEDTLS_MD4_PROCESS_ALT
270 //#define MBEDTLS_MD5_PROCESS_ALT
271 //#define MBEDTLS_RIPEMD160_PROCESS_ALT
272 //#define MBEDTLS_SHA1_PROCESS_ALT
273 //#define MBEDTLS_SHA256_PROCESS_ALT
274 //#define MBEDTLS_SHA512_PROCESS_ALT
275 //#define MBEDTLS_DES_SETKEY_ALT
276 //#define MBEDTLS_DES_CRYPT_ECB_ALT
277 //#define MBEDTLS_DES3_CRYPT_ECB_ALT
278 //#define MBEDTLS_AES_SETKEY_ENC_ALT
279 //#define MBEDTLS_AES_SETKEY_DEC_ALT
280 //#define MBEDTLS_AES_ENCRYPT_ALT
281 //#define MBEDTLS_AES_DECRYPT_ALT
284 * \def MBEDTLS_ENTROPY_HARDWARE_ALT
286 * Uncomment this macro to let mbed TLS use your own implementation of a
287 * hardware entropy collector.
289 * Your function must be called \c mbedtls_hardware_poll(), have the same
290 * prototype as declared in entropy_poll.h, and accept NULL as first argument.
292 * Uncomment to use your own hardware entropy collector.
294 //#define MBEDTLS_ENTROPY_HARDWARE_ALT
297 * \def MBEDTLS_AES_ROM_TABLES
299 * Store the AES tables in ROM.
301 * Uncomment this macro to store the AES tables in ROM.
303 //#define MBEDTLS_AES_ROM_TABLES
306 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
308 * Use less ROM for the Camellia implementation (saves about 768 bytes).
310 * Uncomment this macro to use less memory for Camellia.
312 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY
315 * \def MBEDTLS_CIPHER_MODE_CBC
317 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
319 #define MBEDTLS_CIPHER_MODE_CBC
322 * \def MBEDTLS_CIPHER_MODE_CFB
324 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
326 #define MBEDTLS_CIPHER_MODE_CFB
329 * \def MBEDTLS_CIPHER_MODE_CTR
331 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
333 #define MBEDTLS_CIPHER_MODE_CTR
336 * \def MBEDTLS_CIPHER_NULL_CIPHER
338 * Enable NULL cipher.
339 * Warning: Only do so when you know what you are doing. This allows for
340 * encryption or channels without any security!
342 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
343 * the following ciphersuites:
344 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
345 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
346 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
347 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
348 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
349 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
350 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
351 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
352 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
353 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
354 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
355 * MBEDTLS_TLS_RSA_WITH_NULL_SHA
356 * MBEDTLS_TLS_RSA_WITH_NULL_MD5
357 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
358 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
359 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
360 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
361 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
362 * MBEDTLS_TLS_PSK_WITH_NULL_SHA
364 * Uncomment this macro to enable the NULL cipher and ciphersuites
366 //#define MBEDTLS_CIPHER_NULL_CIPHER
369 * \def MBEDTLS_CIPHER_PADDING_XXX
371 * Uncomment or comment macros to add support for specific padding modes
372 * in the cipher layer with cipher modes that support padding (e.g. CBC)
374 * If you disable all padding modes, only full blocks can be used with CBC.
376 * Enable padding modes in the cipher layer.
378 #define MBEDTLS_CIPHER_PADDING_PKCS7
379 #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
380 #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
381 #define MBEDTLS_CIPHER_PADDING_ZEROS
384 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
386 * Enable weak ciphersuites in SSL / TLS.
387 * Warning: Only do so when you know what you are doing. This allows for
388 * channels with virtually no security at all!
390 * This enables the following ciphersuites:
391 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
392 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
394 * Uncomment this macro to enable weak ciphersuites
396 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
399 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
401 * Remove RC4 ciphersuites by default in SSL / TLS.
402 * This flag removes the ciphersuites based on RC4 from the default list as
403 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
404 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
407 * Uncomment this macro to remove RC4 ciphersuites by default.
409 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
412 * \def MBEDTLS_ECP_XXXX_ENABLED
414 * Enables specific curves within the Elliptic Curve module.
415 * By default all supported curves are enabled.
417 * Comment macros to disable the curve and functions for it
419 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
420 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
421 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
422 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
423 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
424 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED
425 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
426 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
427 #define MBEDTLS_ECP_DP_BP256R1_ENABLED
428 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
429 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
430 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
433 * \def MBEDTLS_ECP_NIST_OPTIM
435 * Enable specific 'modulo p' routines for each NIST prime.
436 * Depending on the prime and architecture, makes operations 4 to 8 times
437 * faster on the corresponding curve.
439 * Comment this macro to disable NIST curves optimisation.
441 #define MBEDTLS_ECP_NIST_OPTIM
444 * \def MBEDTLS_ECDSA_DETERMINISTIC
446 * Enable deterministic ECDSA (RFC 6979).
447 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
448 * may result in a compromise of the long-term signing key. This is avoided by
449 * the deterministic variant.
451 * Requires: MBEDTLS_HMAC_DRBG_C
453 * Comment this macro to disable deterministic ECDSA.
455 #define MBEDTLS_ECDSA_DETERMINISTIC
458 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
460 * Enable the PSK based ciphersuite modes in SSL / TLS.
462 * This enables the following ciphersuites (if other requisites are
464 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
465 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
466 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
467 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
468 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
469 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
470 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
471 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
472 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
473 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
474 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
475 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
477 //#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /* swyter: we don't need PSK-based ciphers for schannel */
480 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
482 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
484 * Requires: MBEDTLS_DHM_C
486 * This enables the following ciphersuites (if other requisites are
488 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
489 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
490 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
491 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
492 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
493 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
494 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
495 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
496 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
497 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
498 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
499 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
501 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED /* swyter: we don't need PSK-based ciphers for schannel */
504 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
506 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
508 * Requires: MBEDTLS_ECDH_C
510 * This enables the following ciphersuites (if other requisites are
512 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
513 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
514 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
515 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
516 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
517 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
518 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
519 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
521 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED /* swyter: we don't need PSK-based ciphers for schannel */
524 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
526 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
528 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
529 * MBEDTLS_X509_CRT_PARSE_C
531 * This enables the following ciphersuites (if other requisites are
533 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
534 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
535 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
536 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
537 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
538 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
539 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
540 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
541 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
542 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
543 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
544 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
546 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED /* swyter: we don't need PSK-based ciphers for schannel */
549 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
551 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
553 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
554 * MBEDTLS_X509_CRT_PARSE_C
556 * This enables the following ciphersuites (if other requisites are
558 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
559 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
560 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
561 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
562 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
563 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
564 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
565 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
566 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
567 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
568 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
569 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
570 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
571 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
572 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
574 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
577 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
579 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
581 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
582 * MBEDTLS_X509_CRT_PARSE_C
584 * This enables the following ciphersuites (if other requisites are
586 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
587 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
588 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
589 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
590 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
591 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
592 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
593 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
594 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
595 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
596 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
597 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
598 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
600 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
603 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
605 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
607 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
608 * MBEDTLS_X509_CRT_PARSE_C
610 * This enables the following ciphersuites (if other requisites are
612 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
613 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
614 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
615 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
616 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
617 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
618 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
619 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
620 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
621 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
622 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
623 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
625 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
628 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
630 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
632 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
634 * This enables the following ciphersuites (if other requisites are
636 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
637 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
638 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
639 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
640 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
641 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
642 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
643 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
644 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
645 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
646 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
647 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
649 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
652 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
654 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
656 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
658 * This enables the following ciphersuites (if other requisites are
660 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
661 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
662 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
663 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
664 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
665 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
666 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
667 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
668 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
669 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
670 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
671 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
673 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
676 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
678 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
680 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
682 * This enables the following ciphersuites (if other requisites are
684 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
685 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
686 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
687 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
688 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
689 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
690 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
691 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
692 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
693 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
694 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
695 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
697 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
700 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
702 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
704 * \warning This is currently experimental. EC J-PAKE support is based on the
705 * Thread v1.0.0 specification; incompatible changes to the specification
706 * might still happen. For this reason, this is disabled by default.
708 * Requires: MBEDTLS_ECJPAKE_C
710 * MBEDTLS_ECP_DP_SECP256R1_ENABLED
712 * This enables the following ciphersuites (if other requisites are
714 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
716 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
719 * \def MBEDTLS_PK_PARSE_EC_EXTENDED
721 * Enhance support for reading EC keys using variants of SEC1 not allowed by
722 * RFC 5915 and RFC 5480.
724 * Currently this means parsing the SpecifiedECDomain choice of EC
725 * parameters (only known groups are supported, not arbitrary domains, to
726 * avoid validation issues).
728 * Disable if you only need to support RFC 5915 + 5480 key formats.
730 #define MBEDTLS_PK_PARSE_EC_EXTENDED
733 * \def MBEDTLS_ERROR_STRERROR_DUMMY
735 * Enable a dummy error function to make use of mbedtls_strerror() in
736 * third party libraries easier when MBEDTLS_ERROR_C is disabled
737 * (no effect when MBEDTLS_ERROR_C is enabled).
739 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
740 * not using mbedtls_strerror() or error_strerror() in your application.
742 * Disable if you run into name conflicts and want to really remove the
745 #define MBEDTLS_ERROR_STRERROR_DUMMY
748 * \def MBEDTLS_GENPRIME
750 * Enable the prime-number generation code.
752 * Requires: MBEDTLS_BIGNUM_C
754 #define MBEDTLS_GENPRIME
759 * Enable functions that use the filesystem.
761 //#define MBEDTLS_FS_IO /* swyter: we don't have to access the filesystem directly in schannel */
764 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
766 * Do not add default entropy sources. These are the platform specific,
767 * mbedtls_timing_hardclock and HAVEGE based poll functions.
769 * This is useful to have more control over the added entropy sources in an
772 * Uncomment this macro to prevent loading of default entropy functions.
774 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
777 * \def MBEDTLS_NO_PLATFORM_ENTROPY
779 * Do not use built-in platform entropy functions.
780 * This is useful if your platform does not support
781 * standards like the /dev/urandom or Windows CryptoAPI.
783 * Uncomment this macro to disable the built-in platform entropy functions.
785 //#define MBEDTLS_NO_PLATFORM_ENTROPY
788 * \def MBEDTLS_ENTROPY_FORCE_SHA256
790 * Force the entropy accumulator to use a SHA-256 accumulator instead of the
791 * default SHA-512 based one (if both are available).
793 * Requires: MBEDTLS_SHA256_C
795 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
796 * if you have performance concerns.
798 * This option is only useful if both MBEDTLS_SHA256_C and
799 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
801 #define MBEDTLS_ENTROPY_FORCE_SHA256 /* swyter: ReactOS is primarily 32-bit only, this speeds it up notably */
804 * \def MBEDTLS_MEMORY_DEBUG
806 * Enable debugging of buffer allocator memory issues. Automatically prints
807 * (to stderr) all (fatal) messages on memory allocation issues. Enables
808 * function for 'debug output' of allocated memory.
810 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
812 * Uncomment this macro to let the buffer allocator print out error messages.
814 //#define MBEDTLS_MEMORY_DEBUG
817 * \def MBEDTLS_MEMORY_BACKTRACE
819 * Include backtrace information with each allocated block.
821 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
822 * GLIBC-compatible backtrace() an backtrace_symbols() support
824 * Uncomment this macro to include backtrace information
826 //#define MBEDTLS_MEMORY_BACKTRACE
829 * \def MBEDTLS_PK_RSA_ALT_SUPPORT
831 * Support external private RSA keys (eg from a HSM) in the PK layer.
833 * Comment this macro to disable support for external private RSA keys.
835 #define MBEDTLS_PK_RSA_ALT_SUPPORT
838 * \def MBEDTLS_PKCS1_V15
840 * Enable support for PKCS#1 v1.5 encoding.
842 * Requires: MBEDTLS_RSA_C
844 * This enables support for PKCS#1 v1.5 operations.
846 #define MBEDTLS_PKCS1_V15
849 * \def MBEDTLS_PKCS1_V21
851 * Enable support for PKCS#1 v2.1 encoding.
853 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
855 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
857 #define MBEDTLS_PKCS1_V21
860 * \def MBEDTLS_RSA_NO_CRT
862 * Do not use the Chinese Remainder Theorem for the RSA private operation.
864 * Uncomment this macro to disable the use of CRT in RSA.
867 //#define MBEDTLS_RSA_NO_CRT
870 * \def MBEDTLS_SELF_TEST
872 * Enable the checkup functions (*_self_test).
874 //#define MBEDTLS_SELF_TEST /* swyter: we don't need this, adds quite a bit of bloat */
877 * \def MBEDTLS_SHA256_SMALLER
879 * Enable an implementation of SHA-256 that has lower ROM footprint but also
882 * The default implementation is meant to be a reasonnable compromise between
883 * performance and size. This version optimizes more aggressively for size at
884 * the expense of performance. Eg on Cortex-M4 it reduces the size of
885 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
888 * Uncomment to enable the smaller implementation of SHA256.
890 //#define MBEDTLS_SHA256_SMALLER
893 * \def MBEDTLS_SSL_AEAD_RANDOM_IV
895 * Generate a random IV rather than using the record sequence number as a
896 * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
898 * Using the sequence number is generally recommended.
900 * Uncomment this macro to always use random IVs with AEAD ciphersuites.
902 //#define MBEDTLS_SSL_AEAD_RANDOM_IV
905 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
907 * Enable sending of alert messages in case of encountered errors as per RFC.
908 * If you choose not to send the alert messages, mbed TLS can still communicate
909 * with other servers, only debugging of failures is harder.
911 * The advantage of not sending alert messages, is that no information is given
912 * about reasons for failures thus preventing adversaries of gaining intel.
914 * Enable sending of all alert messages
916 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
919 * \def MBEDTLS_SSL_DEBUG_ALL
921 * Enable the debug messages in SSL module for all issues.
922 * Debug messages have been disabled in some places to prevent timing
923 * attacks due to (unbalanced) debugging function calls.
925 * If you need all error reporting you should enable this during debugging,
926 * but remove this for production servers that should log as well.
928 * Uncomment this macro to report all debug messages on errors introducing
929 * a timing side-channel.
932 //#define MBEDTLS_SSL_DEBUG_ALL /* swyter: we don't need that much verboseness that clogges up the dll with strings */
934 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
936 * Enable support for Encrypt-then-MAC, RFC 7366.
938 * This allows peers that both support it to use a more robust protection for
939 * ciphersuites using CBC, providing deep resistance against timing attacks
940 * on the padding or underlying cipher.
942 * This only affects CBC ciphersuites, and is useless if none is defined.
944 * Requires: MBEDTLS_SSL_PROTO_TLS1 or
945 * MBEDTLS_SSL_PROTO_TLS1_1 or
946 * MBEDTLS_SSL_PROTO_TLS1_2
948 * Comment this macro to disable support for Encrypt-then-MAC
950 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC
952 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
954 * Enable support for Extended Master Secret, aka Session Hash
955 * (draft-ietf-tls-session-hash-02).
957 * This was introduced as "the proper fix" to the Triple Handshake familiy of
958 * attacks, but it is recommended to always use it (even if you disable
959 * renegotiation), since it actually fixes a more fundamental issue in the
960 * original SSL/TLS design, and has implications beyond Triple Handshake.
962 * Requires: MBEDTLS_SSL_PROTO_TLS1 or
963 * MBEDTLS_SSL_PROTO_TLS1_1 or
964 * MBEDTLS_SSL_PROTO_TLS1_2
966 * Comment this macro to disable support for Extended Master Secret.
968 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
971 * \def MBEDTLS_SSL_FALLBACK_SCSV
973 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
975 * For servers, it is recommended to always enable this, unless you support
976 * only one version of TLS, or know for sure that none of your clients
977 * implements a fallback strategy.
979 * For clients, you only need this if you're using a fallback strategy, which
980 * is not recommended in the first place, unless you absolutely need it to
981 * interoperate with buggy (version-intolerant) servers.
983 * Comment this macro to disable support for FALLBACK_SCSV
985 //#define MBEDTLS_SSL_FALLBACK_SCSV /* swyter: as the description says, we don't need this for clients */
988 * \def MBEDTLS_SSL_HW_RECORD_ACCEL
990 * Enable hooking functions in SSL module for hardware acceleration of
991 * individual records.
993 * Uncomment this macro to enable hooking functions.
995 //#define MBEDTLS_SSL_HW_RECORD_ACCEL
998 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
1000 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
1002 * This is a countermeasure to the BEAST attack, which also minimizes the risk
1003 * of interoperability issues compared to sending 0-length records.
1005 * Comment this macro to disable 1/n-1 record splitting.
1007 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING
1010 * \def MBEDTLS_SSL_RENEGOTIATION
1012 * Disable support for TLS renegotiation.
1014 * The two main uses of renegotiation are (1) refresh keys on long-lived
1015 * connections and (2) client authentication after the initial handshake.
1016 * If you don't need renegotiation, it's probably better to disable it, since
1017 * it has been associated with security issues in the past and is easy to
1018 * misuse/misunderstand.
1020 * Comment this to disable support for renegotiation.
1022 #define MBEDTLS_SSL_RENEGOTIATION
1025 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
1027 * Enable support for receiving and parsing SSLv2 Client Hello messages for the
1028 * SSL Server module (MBEDTLS_SSL_SRV_C).
1030 * Uncomment this macro to enable support for SSLv2 Client Hello messages.
1032 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO /* swyter: we don't need anything server-related */
1035 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
1037 * Pick the ciphersuite according to the client's preferences rather than ours
1038 * in the SSL Server module (MBEDTLS_SSL_SRV_C).
1040 * Uncomment this macro to respect client's ciphersuite order
1042 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE /* swyter: we don't need anything server-related */
1045 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1047 * Enable support for RFC 6066 max_fragment_length extension in SSL.
1049 * Comment this macro to disable support for the max_fragment_length extension
1051 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1054 * \def MBEDTLS_SSL_PROTO_SSL3
1056 * Enable support for SSL 3.0.
1058 * Requires: MBEDTLS_MD5_C
1061 * Comment this macro to disable support for SSL 3.0
1063 //#define MBEDTLS_SSL_PROTO_SSL3 /* swyter: this is potentially insecure and should remain ethernaly disabled */
1066 * \def MBEDTLS_SSL_PROTO_TLS1
1068 * Enable support for TLS 1.0.
1070 * Requires: MBEDTLS_MD5_C
1073 * Comment this macro to disable support for TLS 1.0
1075 #define MBEDTLS_SSL_PROTO_TLS1
1078 * \def MBEDTLS_SSL_PROTO_TLS1_1
1080 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
1082 * Requires: MBEDTLS_MD5_C
1085 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
1087 #define MBEDTLS_SSL_PROTO_TLS1_1
1090 * \def MBEDTLS_SSL_PROTO_TLS1_2
1092 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
1094 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
1095 * (Depends on ciphersuites)
1097 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
1099 #define MBEDTLS_SSL_PROTO_TLS1_2
1102 * \def MBEDTLS_SSL_PROTO_DTLS
1104 * Enable support for DTLS (all available versions).
1106 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
1107 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
1109 * Requires: MBEDTLS_SSL_PROTO_TLS1_1
1110 * or MBEDTLS_SSL_PROTO_TLS1_2
1112 * Comment this macro to disable support for DTLS
1114 //#define MBEDTLS_SSL_PROTO_DTLS /* swyter: schannel does not support UDP sockets, DTLS is useless */
1117 * \def MBEDTLS_SSL_ALPN
1119 * Enable support for RFC 7301 Application Layer Protocol Negotiation.
1121 * Comment this macro to disable support for ALPN.
1123 #define MBEDTLS_SSL_ALPN
1126 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
1128 * Enable support for the anti-replay mechanism in DTLS.
1130 * Requires: MBEDTLS_SSL_TLS_C
1131 * MBEDTLS_SSL_PROTO_DTLS
1133 * \warning Disabling this is often a security risk!
1134 * See mbedtls_ssl_conf_dtls_anti_replay() for details.
1136 * Comment this to disable anti-replay in DTLS.
1138 //#define MBEDTLS_SSL_DTLS_ANTI_REPLAY /* swyter: schannel does not support UDP sockets, DTLS is useless */
1141 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
1143 * Enable support for HelloVerifyRequest on DTLS servers.
1145 * This feature is highly recommended to prevent DTLS servers being used as
1146 * amplifiers in DoS attacks against other hosts. It should always be enabled
1147 * unless you know for sure amplification cannot be a problem in the
1148 * environment in which your server operates.
1150 * \warning Disabling this can ba a security risk! (see above)
1152 * Requires: MBEDTLS_SSL_PROTO_DTLS
1154 * Comment this to disable support for HelloVerifyRequest.
1156 //#define MBEDTLS_SSL_DTLS_HELLO_VERIFY /* swyter: schannel does not support UDP sockets, DTLS is useless */
1159 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1161 * Enable server-side support for clients that reconnect from the same port.
1163 * Some clients unexpectedly close the connection and try to reconnect using the
1164 * same source port. This needs special support from the server to handle the
1165 * new connection securely, as described in section 4.2.8 of RFC 6347. This
1166 * flag enables that support.
1168 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
1170 * Comment this to disable support for clients reusing the source port.
1172 //#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE /* swyter: schannel does not support UDP sockets, DTLS is useless */
1175 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
1177 * Enable support for a limit of records with bad MAC.
1179 * See mbedtls_ssl_conf_dtls_badmac_limit().
1181 * Requires: MBEDTLS_SSL_PROTO_DTLS
1183 //#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT /* swyter: schannel does not support UDP sockets, DTLS is useless */
1186 * \def MBEDTLS_SSL_SESSION_TICKETS
1188 * Enable support for RFC 5077 session tickets in SSL.
1189 * Client-side, provides full support for session tickets (maintainance of a
1190 * session store remains the responsibility of the application, though).
1191 * Server-side, you also need to provide callbacks for writing and parsing
1192 * tickets, including authenticated encryption and key management. Example
1193 * callbacks are provided by MBEDTLS_SSL_TICKET_C.
1195 * Comment this macro to disable support for SSL session tickets
1197 #define MBEDTLS_SSL_SESSION_TICKETS
1200 * \def MBEDTLS_SSL_EXPORT_KEYS
1202 * Enable support for exporting key block and master secret.
1203 * This is required for certain users of TLS, e.g. EAP-TLS.
1205 * Comment this macro to disable support for key export
1207 //#define MBEDTLS_SSL_EXPORT_KEYS
1210 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
1212 * Enable support for RFC 6066 server name indication (SNI) in SSL.
1214 * Requires: MBEDTLS_X509_CRT_PARSE_C
1216 * Comment this macro to disable support for server name indication in SSL
1218 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
1221 * \def MBEDTLS_SSL_TRUNCATED_HMAC
1223 * Enable support for RFC 6066 truncated HMAC in SSL.
1225 * Comment this macro to disable support for truncated HMAC in SSL
1227 #define MBEDTLS_SSL_TRUNCATED_HMAC
1230 * \def MBEDTLS_THREADING_ALT
1232 * Provide your own alternate threading implementation.
1234 * Requires: MBEDTLS_THREADING_C
1236 * Uncomment this to allow your own alternate threading implementation.
1238 //#define MBEDTLS_THREADING_ALT
1241 * \def MBEDTLS_THREADING_PTHREAD
1243 * Enable the pthread wrapper layer for the threading layer.
1245 * Requires: MBEDTLS_THREADING_C
1247 * Uncomment this to enable pthread mutexes.
1249 //#define MBEDTLS_THREADING_PTHREAD
1252 * \def MBEDTLS_VERSION_FEATURES
1254 * Allow run-time checking of compile-time enabled features. Thus allowing users
1255 * to check at run-time if the library is for instance compiled with threading
1256 * support via mbedtls_version_check_feature().
1258 * Requires: MBEDTLS_VERSION_C
1260 * Comment this to disable run-time checking and save ROM space
1262 //#define MBEDTLS_VERSION_FEATURES
1265 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
1267 * If set, the X509 parser will not break-off when parsing an X509 certificate
1268 * and encountering an extension in a v1 or v2 certificate.
1270 * Uncomment to prevent an error.
1272 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
1275 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
1277 * If set, the X509 parser will not break-off when parsing an X509 certificate
1278 * and encountering an unknown critical extension.
1280 * \warning Depending on your PKI use, enabling this can be a security risk!
1282 * Uncomment to prevent an error.
1284 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
1287 * \def MBEDTLS_X509_CHECK_KEY_USAGE
1289 * Enable verification of the keyUsage extension (CA and leaf certificates).
1291 * Disabling this avoids problems with mis-issued and/or misused
1292 * (intermediate) CA and leaf certificates.
1294 * \warning Depending on your PKI use, disabling this can be a security risk!
1296 * Comment to skip keyUsage checking for both CA and leaf certificates.
1298 #define MBEDTLS_X509_CHECK_KEY_USAGE
1301 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
1303 * Enable verification of the extendedKeyUsage extension (leaf certificates).
1305 * Disabling this avoids problems with mis-issued and/or misused certificates.
1307 * \warning Depending on your PKI use, disabling this can be a security risk!
1309 * Comment to skip extendedKeyUsage checking for certificates.
1311 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
1314 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
1316 * Enable parsing and verification of X.509 certificates, CRLs and CSRS
1317 * signed with RSASSA-PSS (aka PKCS#1 v2.1).
1319 * Comment this macro to disallow using RSASSA-PSS in certificates.
1321 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
1324 * \def MBEDTLS_ZLIB_SUPPORT
1326 * If set, the SSL/TLS module uses ZLIB to support compression and
1327 * decompression of packet data.
1329 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
1330 * CRIME attack. Before enabling this option, you should examine with care if
1331 * CRIME or similar exploits may be a applicable to your use case.
1333 * \note Currently compression can't be used with DTLS.
1335 * Used in: library/ssl_tls.c
1339 * This feature requires zlib library and headers to be present.
1341 * Uncomment to enable use of ZLIB
1343 //#define MBEDTLS_ZLIB_SUPPORT
1344 /* \} name SECTION: mbed TLS feature support */
1347 * \name SECTION: mbed TLS modules
1349 * This section enables or disables entire modules in mbed TLS
1354 * \def MBEDTLS_AESNI_C
1356 * Enable AES-NI support on x86-64.
1358 * Module: library/aesni.c
1359 * Caller: library/aes.c
1361 * Requires: MBEDTLS_HAVE_ASM
1363 * This modules adds support for the AES-NI instructions on x86-64
1365 #define MBEDTLS_AESNI_C /* swyter: looks like these AMD64 improvements are behind an arch macro, better perf is always good */
1368 * \def MBEDTLS_AES_C
1370 * Enable the AES block cipher.
1372 * Module: library/aes.c
1373 * Caller: library/ssl_tls.c
1375 * library/ctr_drbg.c
1377 * This module enables the following ciphersuites (if other requisites are
1379 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
1380 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
1381 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
1382 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
1383 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
1384 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
1385 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
1386 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
1387 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
1388 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
1389 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
1390 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
1391 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1392 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1393 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1394 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
1395 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
1396 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1397 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1398 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1399 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1400 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1401 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1402 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1403 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
1404 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
1405 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1406 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1407 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1408 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1409 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1410 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
1411 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1412 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
1413 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
1414 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1415 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
1416 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1417 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
1418 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
1419 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
1420 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
1421 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
1422 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
1423 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
1424 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
1425 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
1426 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
1427 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
1428 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
1429 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
1430 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
1431 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
1432 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
1433 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
1434 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
1435 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
1436 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
1438 * PEM_PARSE uses AES for decrypting encrypted keys.
1440 #define MBEDTLS_AES_C
1443 * \def MBEDTLS_ARC4_C
1445 * Enable the ARCFOUR stream cipher.
1447 * Module: library/arc4.c
1448 * Caller: library/ssl_tls.c
1450 * This module enables the following ciphersuites (if other requisites are
1452 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
1453 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
1454 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
1455 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
1456 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
1457 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
1458 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
1459 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
1460 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
1461 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
1463 #define MBEDTLS_ARC4_C
1466 * \def MBEDTLS_ASN1_PARSE_C
1468 * Enable the generic ASN1 parser.
1470 * Module: library/asn1.c
1471 * Caller: library/x509.c
1477 #define MBEDTLS_ASN1_PARSE_C
1480 * \def MBEDTLS_ASN1_WRITE_C
1482 * Enable the generic ASN1 writer.
1484 * Module: library/asn1write.c
1485 * Caller: library/ecdsa.c
1487 * library/x509_create.c
1488 * library/x509write_crt.c
1489 * library/mbedtls_x509write_csr.c
1491 #define MBEDTLS_ASN1_WRITE_C
1494 * \def MBEDTLS_BASE64_C
1496 * Enable the Base64 module.
1498 * Module: library/base64.c
1499 * Caller: library/pem.c
1501 * This module is required for PEM support (required by X.509).
1503 //#define MBEDTLS_BASE64_C
1506 * \def MBEDTLS_BIGNUM_C
1508 * Enable the multi-precision integer library.
1510 * Module: library/bignum.c
1511 * Caller: library/dhm.c
1517 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
1519 #define MBEDTLS_BIGNUM_C
1522 * \def MBEDTLS_BLOWFISH_C
1524 * Enable the Blowfish block cipher.
1526 * Module: library/blowfish.c
1528 #define MBEDTLS_BLOWFISH_C
1531 * \def MBEDTLS_CAMELLIA_C
1533 * Enable the Camellia block cipher.
1535 * Module: library/camellia.c
1536 * Caller: library/ssl_tls.c
1538 * This module enables the following ciphersuites (if other requisites are
1540 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1541 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1542 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
1543 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
1544 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1545 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1546 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
1547 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
1548 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1549 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
1550 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
1551 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1552 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
1553 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
1554 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
1555 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1556 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
1557 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
1558 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1559 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1560 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1561 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
1562 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
1563 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
1564 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
1565 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
1566 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
1567 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
1568 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
1569 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
1570 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1571 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
1572 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1573 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1574 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
1575 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
1576 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
1577 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
1578 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
1579 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
1580 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
1581 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
1583 #define MBEDTLS_CAMELLIA_C
1586 * \def MBEDTLS_CCM_C
1588 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
1590 * Module: library/ccm.c
1592 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
1594 * This module enables the AES-CCM ciphersuites, if other requisites are
1597 #define MBEDTLS_CCM_C
1600 * \def MBEDTLS_CERTS_C
1602 * Enable the test certificates.
1604 * Module: library/certs.c
1607 * This module is used for testing (ssl_client/server).
1609 //#define MBEDTLS_CERTS_C /* swyter: these test certs are completely useless */
1612 * \def MBEDTLS_CIPHER_C
1614 * Enable the generic cipher layer.
1616 * Module: library/cipher.c
1617 * Caller: library/ssl_tls.c
1619 * Uncomment to enable generic cipher wrappers.
1621 #define MBEDTLS_CIPHER_C
1624 * \def MBEDTLS_CTR_DRBG_C
1626 * Enable the CTR_DRBG AES-256-based random generator.
1628 * Module: library/ctr_drbg.c
1631 * Requires: MBEDTLS_AES_C
1633 * This module provides the CTR_DRBG AES-256 random number generator.
1635 #define MBEDTLS_CTR_DRBG_C
1638 * \def MBEDTLS_DEBUG_C
1640 * Enable the debug functions.
1642 * Module: library/debug.c
1643 * Caller: library/ssl_cli.c
1647 * This module provides debugging functions.
1650 #define MBEDTLS_DEBUG_C /* swyter: we don't even need this level of verboseness, useful only when developing */
1654 * \def MBEDTLS_DES_C
1656 * Enable the DES block cipher.
1658 * Module: library/des.c
1659 * Caller: library/pem.c
1662 * This module enables the following ciphersuites (if other requisites are
1664 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
1665 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
1666 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
1667 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
1668 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
1669 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
1670 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
1671 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
1672 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
1673 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
1675 * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
1677 #define MBEDTLS_DES_C
1680 * \def MBEDTLS_DHM_C
1682 * Enable the Diffie-Hellman-Merkle module.
1684 * Module: library/dhm.c
1685 * Caller: library/ssl_cli.c
1688 * This module is used by the following key exchanges:
1691 #define MBEDTLS_DHM_C
1694 * \def MBEDTLS_ECDH_C
1696 * Enable the elliptic curve Diffie-Hellman library.
1698 * Module: library/ecdh.c
1699 * Caller: library/ssl_cli.c
1702 * This module is used by the following key exchanges:
1703 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
1705 * Requires: MBEDTLS_ECP_C
1707 #define MBEDTLS_ECDH_C
1710 * \def MBEDTLS_ECDSA_C
1712 * Enable the elliptic curve DSA library.
1714 * Module: library/ecdsa.c
1717 * This module is used by the following key exchanges:
1720 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
1722 #define MBEDTLS_ECDSA_C
1725 * \def MBEDTLS_ECJPAKE_C
1727 * Enable the elliptic curve J-PAKE library.
1729 * \warning This is currently experimental. EC J-PAKE support is based on the
1730 * Thread v1.0.0 specification; incompatible changes to the specification
1731 * might still happen. For this reason, this is disabled by default.
1733 * Module: library/ecjpake.c
1736 * This module is used by the following key exchanges:
1739 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
1741 //#define MBEDTLS_ECJPAKE_C
1744 * \def MBEDTLS_ECP_C
1746 * Enable the elliptic curve over GF(p) library.
1748 * Module: library/ecp.c
1749 * Caller: library/ecdh.c
1753 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
1755 #define MBEDTLS_ECP_C
1758 * \def MBEDTLS_ENTROPY_C
1760 * Enable the platform-specific entropy code.
1762 * Module: library/entropy.c
1765 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
1767 * This module provides a generic entropy pool
1769 #define MBEDTLS_ENTROPY_C
1772 * \def MBEDTLS_ERROR_C
1774 * Enable error code to error string conversion.
1776 * Module: library/error.c
1779 * This module enables mbedtls_strerror().
1781 //#define MBEDTLS_ERROR_C /* swyter: we don't print user errors, so this trims some fat */
1784 * \def MBEDTLS_GCM_C
1786 * Enable the Galois/Counter Mode (GCM) for AES.
1788 * Module: library/gcm.c
1790 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
1792 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
1793 * requisites are enabled as well.
1795 #define MBEDTLS_GCM_C
1798 * \def MBEDTLS_HAVEGE_C
1800 * Enable the HAVEGE random generator.
1802 * Warning: the HAVEGE random generator is not suitable for virtualized
1805 * Warning: the HAVEGE random generator is dependent on timing and specific
1806 * processor traits. It is therefore not advised to use HAVEGE as
1807 * your applications primary random generator or primary entropy pool
1808 * input. As a secondary input to your entropy pool, it IS able add
1809 * the (limited) extra entropy it provides.
1811 * Module: library/havege.c
1814 * Requires: MBEDTLS_TIMING_C
1816 * Uncomment to enable the HAVEGE random generator.
1818 //#define MBEDTLS_HAVEGE_C
1821 * \def MBEDTLS_HMAC_DRBG_C
1823 * Enable the HMAC_DRBG random generator.
1825 * Module: library/hmac_drbg.c
1828 * Requires: MBEDTLS_MD_C
1830 * Uncomment to enable the HMAC_DRBG random number geerator.
1832 #define MBEDTLS_HMAC_DRBG_C
1837 * Enable the generic message digest layer.
1839 * Module: library/mbedtls_md.c
1842 * Uncomment to enable generic message digest wrappers.
1844 #define MBEDTLS_MD_C
1847 * \def MBEDTLS_MD2_C
1849 * Enable the MD2 hash algorithm.
1851 * Module: library/mbedtls_md2.c
1854 * Uncomment to enable support for (rare) MD2-signed X.509 certs.
1856 //#define MBEDTLS_MD2_C
1859 * \def MBEDTLS_MD4_C
1861 * Enable the MD4 hash algorithm.
1863 * Module: library/mbedtls_md4.c
1866 * Uncomment to enable support for (rare) MD4-signed X.509 certs.
1868 //#define MBEDTLS_MD4_C
1871 * \def MBEDTLS_MD5_C
1873 * Enable the MD5 hash algorithm.
1875 * Module: library/mbedtls_md5.c
1876 * Caller: library/mbedtls_md.c
1880 * This module is required for SSL/TLS and X.509.
1881 * PEM_PARSE uses MD5 for decrypting encrypted keys.
1883 #define MBEDTLS_MD5_C
1886 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
1888 * Enable the buffer allocator implementation that makes use of a (stack)
1889 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
1892 * Module: library/memory_buffer_alloc.c
1894 * Requires: MBEDTLS_PLATFORM_C
1895 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
1897 * Enable this module to enable the buffer memory allocator.
1899 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
1902 * \def MBEDTLS_NET_C
1904 * Enable the TCP/IP networking routines.
1906 * Module: library/net.c
1908 * This module provides TCP/IP networking routines.
1910 //#define MBEDTLS_NET_C /* swyter: we don't use the network routines, in fact in schannel we replace them with our own shim to forward the managed network buffers */
1913 * \def MBEDTLS_OID_C
1915 * Enable the OID database.
1917 * Module: library/oid.c
1918 * Caller: library/asn1write.c
1924 * library/x509_create.c
1925 * library/mbedtls_x509_crl.c
1926 * library/mbedtls_x509_crt.c
1927 * library/mbedtls_x509_csr.c
1928 * library/x509write_crt.c
1929 * library/mbedtls_x509write_csr.c
1931 * This modules translates between OIDs and internal values.
1933 #define MBEDTLS_OID_C
1936 * \def MBEDTLS_PADLOCK_C
1938 * Enable VIA Padlock support on x86.
1940 * Module: library/padlock.c
1941 * Caller: library/aes.c
1943 * Requires: MBEDTLS_HAVE_ASM
1945 * This modules adds support for the VIA PadLock on x86.
1947 #define MBEDTLS_PADLOCK_C
1950 * \def MBEDTLS_PEM_PARSE_C
1952 * Enable PEM decoding / parsing.
1954 * Module: library/pem.c
1955 * Caller: library/dhm.c
1957 * library/mbedtls_x509_crl.c
1958 * library/mbedtls_x509_crt.c
1959 * library/mbedtls_x509_csr.c
1961 * Requires: MBEDTLS_BASE64_C
1963 * This modules adds support for decoding / parsing PEM files.
1965 //#define MBEDTLS_PEM_PARSE_C /* swyter: we don't do any PEM decoding */
1968 * \def MBEDTLS_PEM_WRITE_C
1970 * Enable PEM encoding / writing.
1972 * Module: library/pem.c
1973 * Caller: library/pkwrite.c
1974 * library/x509write_crt.c
1975 * library/mbedtls_x509write_csr.c
1977 * Requires: MBEDTLS_BASE64_C
1979 * This modules adds support for encoding / writing PEM files.
1981 //#define MBEDTLS_PEM_WRITE_C /* swyter: we don't do any PEM decoding */
1986 * Enable the generic public (asymetric) key layer.
1988 * Module: library/pk.c
1989 * Caller: library/ssl_tls.c
1993 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
1995 * Uncomment to enable generic public key wrappers.
1997 #define MBEDTLS_PK_C
2000 * \def MBEDTLS_PK_PARSE_C
2002 * Enable the generic public (asymetric) key parser.
2004 * Module: library/pkparse.c
2005 * Caller: library/mbedtls_x509_crt.c
2006 * library/mbedtls_x509_csr.c
2008 * Requires: MBEDTLS_PK_C
2010 * Uncomment to enable generic public key parse functions.
2012 #define MBEDTLS_PK_PARSE_C
2015 * \def MBEDTLS_PK_WRITE_C
2017 * Enable the generic public (asymetric) key writer.
2019 * Module: library/pkwrite.c
2020 * Caller: library/x509write.c
2022 * Requires: MBEDTLS_PK_C
2024 * Uncomment to enable generic public key write functions.
2026 //#define MBEDTLS_PK_WRITE_C /* swyter: we don't write any PK */
2029 * \def MBEDTLS_PKCS5_C
2031 * Enable PKCS#5 functions.
2033 * Module: library/pkcs5.c
2035 * Requires: MBEDTLS_MD_C
2037 * This module adds support for the PKCS#5 functions.
2039 #define MBEDTLS_PKCS5_C
2042 * \def MBEDTLS_PKCS11_C
2044 * Enable wrapper for PKCS#11 smartcard support.
2046 * Module: library/pkcs11.c
2047 * Caller: library/pk.c
2049 * Requires: MBEDTLS_PK_C
2051 * This module enables SSL/TLS PKCS #11 smartcard support.
2052 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
2054 //#define MBEDTLS_PKCS11_C
2057 * \def MBEDTLS_PKCS12_C
2059 * Enable PKCS#12 PBE functions.
2060 * Adds algorithms for parsing PKCS#8 encrypted private keys
2062 * Module: library/pkcs12.c
2063 * Caller: library/pkparse.c
2065 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
2066 * Can use: MBEDTLS_ARC4_C
2068 * This module enables PKCS#12 functions.
2070 #define MBEDTLS_PKCS12_C
2073 * \def MBEDTLS_PLATFORM_C
2075 * Enable the platform abstraction layer that allows you to re-assign
2076 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
2078 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
2079 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
2080 * above to be specified at runtime or compile time respectively.
2082 * \note This abstraction layer must be enabled on Windows (including MSYS2)
2083 * as other module rely on it for a fixed snprintf implementation.
2085 * Module: library/platform.c
2086 * Caller: Most other .c files
2088 * This module enables abstraction of common (libc) functions.
2090 #define MBEDTLS_PLATFORM_C
2093 * \def MBEDTLS_RIPEMD160_C
2095 * Enable the RIPEMD-160 hash algorithm.
2097 * Module: library/mbedtls_ripemd160.c
2098 * Caller: library/mbedtls_md.c
2101 #define MBEDTLS_RIPEMD160_C
2104 * \def MBEDTLS_RSA_C
2106 * Enable the RSA public-key cryptosystem.
2108 * Module: library/rsa.c
2109 * Caller: library/ssl_cli.c
2114 * This module is used by the following key exchanges:
2115 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
2117 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
2119 #define MBEDTLS_RSA_C
2122 * \def MBEDTLS_SHA1_C
2124 * Enable the SHA1 cryptographic hash algorithm.
2126 * Module: library/mbedtls_sha1.c
2127 * Caller: library/mbedtls_md.c
2131 * library/x509write_crt.c
2133 * This module is required for SSL/TLS and SHA1-signed certificates.
2135 #define MBEDTLS_SHA1_C
2138 * \def MBEDTLS_SHA256_C
2140 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
2142 * Module: library/mbedtls_sha256.c
2143 * Caller: library/entropy.c
2144 * library/mbedtls_md.c
2149 * This module adds support for SHA-224 and SHA-256.
2150 * This module is required for the SSL/TLS 1.2 PRF function.
2152 #define MBEDTLS_SHA256_C
2155 * \def MBEDTLS_SHA512_C
2157 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
2159 * Module: library/mbedtls_sha512.c
2160 * Caller: library/entropy.c
2161 * library/mbedtls_md.c
2165 * This module adds support for SHA-384 and SHA-512.
2167 #define MBEDTLS_SHA512_C
2170 * \def MBEDTLS_SSL_CACHE_C
2172 * Enable simple SSL cache implementation.
2174 * Module: library/ssl_cache.c
2177 * Requires: MBEDTLS_SSL_CACHE_C
2179 //#define MBEDTLS_SSL_CACHE_C /* swyter: we don't make use of this caching mechanism, as the WINE schannel API does not expose it */
2182 * \def MBEDTLS_SSL_COOKIE_C
2184 * Enable basic implementation of DTLS cookies for hello verification.
2186 * Module: library/ssl_cookie.c
2189 //#define MBEDTLS_SSL_COOKIE_C /* swyter: schannel does not support UDP sockets, DTLS is useless */
2192 * \def MBEDTLS_SSL_TICKET_C
2194 * Enable an implementation of TLS server-side callbacks for session tickets.
2196 * Module: library/ssl_ticket.c
2199 * Requires: MBEDTLS_CIPHER_C
2201 #define MBEDTLS_SSL_TICKET_C
2204 * \def MBEDTLS_SSL_CLI_C
2206 * Enable the SSL/TLS client code.
2208 * Module: library/ssl_cli.c
2211 * Requires: MBEDTLS_SSL_TLS_C
2213 * This module is required for SSL/TLS client support.
2215 #define MBEDTLS_SSL_CLI_C
2218 * \def MBEDTLS_SSL_SRV_C
2220 * Enable the SSL/TLS server code.
2222 * Module: library/ssl_srv.c
2225 * Requires: MBEDTLS_SSL_TLS_C
2227 * This module is required for SSL/TLS server support.
2229 //#define MBEDTLS_SSL_SRV_C /* swyter: we don't need anything server-related */
2232 * \def MBEDTLS_SSL_TLS_C
2234 * Enable the generic SSL/TLS code.
2236 * Module: library/ssl_tls.c
2237 * Caller: library/ssl_cli.c
2240 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
2241 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
2243 * This module is required for SSL/TLS.
2245 #define MBEDTLS_SSL_TLS_C
2248 * \def MBEDTLS_THREADING_C
2250 * Enable the threading abstraction layer.
2251 * By default mbed TLS assumes it is used in a non-threaded environment or that
2252 * contexts are not shared between threads. If you do intend to use contexts
2253 * between threads, you will need to enable this layer to prevent race
2256 * Module: library/threading.c
2258 * This allows different threading implementations (self-implemented or
2261 * You will have to enable either MBEDTLS_THREADING_ALT or
2262 * MBEDTLS_THREADING_PTHREAD.
2264 * Enable this layer to allow use of mutexes within mbed TLS
2266 //#define MBEDTLS_THREADING_C
2269 * \def MBEDTLS_TIMING_C
2271 * Enable the portable timing interface.
2273 * Module: library/timing.c
2274 * Caller: library/havege.c
2276 * This module is used by the HAVEGE random number generator.
2278 #define MBEDTLS_TIMING_C
2281 * \def MBEDTLS_VERSION_C
2283 * Enable run-time version information.
2285 * Module: library/version.c
2287 * This module provides run-time version information.
2289 //#define MBEDTLS_VERSION_C /* swyter: we don't use these functions, so it's a waste of space */
2292 * \def MBEDTLS_X509_USE_C
2294 * Enable X.509 core for using certificates.
2296 * Module: library/x509.c
2297 * Caller: library/mbedtls_x509_crl.c
2298 * library/mbedtls_x509_crt.c
2299 * library/mbedtls_x509_csr.c
2301 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
2302 * MBEDTLS_PK_PARSE_C
2304 * This module is required for the X.509 parsing modules.
2306 #define MBEDTLS_X509_USE_C
2309 * \def MBEDTLS_X509_CRT_PARSE_C
2311 * Enable X.509 certificate parsing.
2313 * Module: library/mbedtls_x509_crt.c
2314 * Caller: library/ssl_cli.c
2318 * Requires: MBEDTLS_X509_USE_C
2320 * This module is required for X.509 certificate parsing.
2322 #define MBEDTLS_X509_CRT_PARSE_C
2325 * \def MBEDTLS_X509_CRL_PARSE_C
2327 * Enable X.509 CRL parsing.
2329 * Module: library/mbedtls_x509_crl.c
2330 * Caller: library/mbedtls_x509_crt.c
2332 * Requires: MBEDTLS_X509_USE_C
2334 * This module is required for X.509 CRL parsing.
2336 //#define MBEDTLS_X509_CRL_PARSE_C /* swyter: we don't verify certs directly */
2339 * \def MBEDTLS_X509_CSR_PARSE_C
2341 * Enable X.509 Certificate Signing Request (CSR) parsing.
2343 * Module: library/mbedtls_x509_csr.c
2344 * Caller: library/x509_crt_write.c
2346 * Requires: MBEDTLS_X509_USE_C
2348 * This module is used for reading X.509 certificate request.
2350 //#define MBEDTLS_X509_CSR_PARSE_C /* swyter: we don't verify certs directly */
2353 * \def MBEDTLS_X509_CREATE_C
2355 * Enable X.509 core for creating certificates.
2357 * Module: library/x509_create.c
2359 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
2361 * This module is the basis for creating X.509 certificates and CSRs.
2363 //#define MBEDTLS_X509_CREATE_C /* swyter: we don't create certs in schannel */
2366 * \def MBEDTLS_X509_CRT_WRITE_C
2368 * Enable creating X.509 certificates.
2370 * Module: library/x509_crt_write.c
2372 * Requires: MBEDTLS_X509_CREATE_C
2374 * This module is required for X.509 certificate creation.
2376 //#define MBEDTLS_X509_CRT_WRITE_C /* swyter: we don't create certs in schannel */
2379 * \def MBEDTLS_X509_CSR_WRITE_C
2381 * Enable creating X.509 Certificate Signing Requests (CSR).
2383 * Module: library/x509_csr_write.c
2385 * Requires: MBEDTLS_X509_CREATE_C
2387 * This module is required for X.509 certificate request writing.
2389 //#define MBEDTLS_X509_CSR_WRITE_C /* swyter: we don't create certs in schannel, this is for servers */
2392 * \def MBEDTLS_XTEA_C
2394 * Enable the XTEA block cipher.
2396 * Module: library/xtea.c
2399 #define MBEDTLS_XTEA_C
2401 /* \} name SECTION: mbed TLS modules */
2404 * \name SECTION: Module configuration options
2406 * This section allows for the setting of module specific sizes and
2407 * configuration options. The default values are already present in the
2408 * relevant header files and should suffice for the regular use cases.
2410 * Our advice is to enable options and change their values here
2411 * only if you have a good reason and know the consequences.
2413 * Please check the respective header file for documentation on these
2414 * parameters (to prevent duplicate documentation).
2418 /* MPI / BIGNUM options */
2419 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
2420 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
2422 /* CTR_DRBG options */
2423 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
2424 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
2425 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
2426 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
2427 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
2429 /* HMAC_DRBG options */
2430 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
2431 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
2432 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
2433 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
2436 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
2437 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
2438 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
2440 /* Entropy options */
2441 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
2442 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
2444 /* Memory buffer allocator options */
2445 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
2447 /* Platform options */
2448 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
2449 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
2450 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
2451 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
2452 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
2453 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
2454 /* Note: your snprintf must correclty zero-terminate the buffer! */
2455 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
2457 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
2458 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
2459 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
2460 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
2461 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
2462 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
2463 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
2464 /* Note: your snprintf must correclty zero-terminate the buffer! */
2465 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
2467 /* SSL Cache options */
2468 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
2469 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
2472 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
2473 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
2474 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
2475 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
2478 * Complete list of ciphersuites to use, in order of preference.
2480 * \warning No dependency checking is done on that field! This option can only
2481 * be used to restrict the set of available ciphersuites. It is your
2482 * responsibility to make sure the needed modules are active.
2484 * Use this to save a few hundred bytes of ROM (default ordering of all
2485 * available ciphersuites) and a few to a few hundred bytes of RAM.
2487 * The value below is only an example, not the default.
2489 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
2492 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
2494 /* \} name SECTION: Module configuration options */
2496 #if defined(TARGET_LIKE_MBED)
2497 #include "mbedtls/target_config.h"
2501 * Allow user to override any previous default.
2503 * Use two macro names for that, as:
2504 * - with yotta the prefix YOTTA_CFG_ is forced
2505 * - without yotta is looks weird to have a YOTTA prefix.
2507 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
2508 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
2509 #elif defined(MBEDTLS_USER_CONFIG_FILE)
2510 #include MBEDTLS_USER_CONFIG_FILE
2513 #include "check_config.h"
2515 #endif /* MBEDTLS_CONFIG_H */