2016-08-05 02:39:38 -04:00
/**
*
2016-09-09 00:06:14 -04:00
* \ brief Default mbedTLS configuration options for esp - idf
2016-08-05 02:39:38 -04:00
*
* This set of compile - time options may be used to enable
* or disable features selectively , and reduce the global
* memory footprint .
*
* Copyright ( C ) 2006 - 2015 , ARM Limited , All Rights Reserved
* SPDX - License - Identifier : Apache - 2.0
*
* Licensed under the Apache License , Version 2.0 ( the " License " ) ; you may
* not use this file except in compliance with the License .
* You may obtain a copy of the License at
*
* http : //www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing , software
* distributed under the License is distributed on an " AS IS " BASIS , WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND , either express or implied .
* See the License for the specific language governing permissions and
* limitations under the License .
*
* This file is part of mbed TLS ( https : //tls.mbed.org)
*/
2019-06-26 05:51:30 -04:00
# ifndef ESP_CONFIG_H
# define ESP_CONFIG_H
2016-08-05 02:39:38 -04:00
2016-09-21 02:36:30 -04:00
# include "sdkconfig.h"
2019-06-26 05:51:30 -04:00
# include "mbedtls/config.h"
2016-08-05 02:39:38 -04:00
/**
* \ name SECTION : System support
*
* This section sets system specific settings .
* \ {
*/
/**
* \ def MBEDTLS_HAVE_TIME
*
* System has time . h and time ( ) .
* The time does not need to be correct , only time differences are used ,
* by contrast with MBEDTLS_HAVE_TIME_DATE
*
* Comment if your system does not support time functions
*/
2016-12-01 03:25:44 -05:00
# ifdef CONFIG_MBEDTLS_HAVE_TIME
# define MBEDTLS_HAVE_TIME
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_HAVE_TIME
2016-12-01 03:25:44 -05:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_HAVE_TIME_DATE
*
* System has time . h and time ( ) , gmtime ( ) and the clock is correct .
* The time needs to be correct ( not necesarily very accurate , but at least
* the date should be correct ) . This is used to verify the validity period of
* X .509 certificates .
*
* Comment if your system does not have a correct clock .
*/
2016-12-01 03:25:44 -05:00
# ifdef CONFIG_MBEDTLS_HAVE_TIME_DATE
# define MBEDTLS_HAVE_TIME_DATE
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_HAVE_TIME_DATE
2016-12-01 03:25:44 -05:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_PLATFORM_MEMORY
*
* Enable the memory allocation layer .
*
* By default mbed TLS uses the system - provided calloc ( ) and free ( ) .
* This allows different allocators ( self - implemented or provided ) to be
* provided to the platform abstraction layer .
*
* Enabling MBEDTLS_PLATFORM_MEMORY without the
* MBEDTLS_PLATFORM_ { FREE , CALLOC } _MACROs will provide
* " mbedtls_platform_set_calloc_free() " allowing you to set an alternative calloc ( ) and
* free ( ) function pointer at runtime .
*
* Enabling MBEDTLS_PLATFORM_MEMORY and specifying
* MBEDTLS_PLATFORM_ { CALLOC , FREE } _MACROs will allow you to specify the
* alternate function at compile time .
*
* Requires : MBEDTLS_PLATFORM_C
*
* Enable this layer to allow use of alternative memory allocators .
*/
2018-07-27 13:03:01 -04:00
# define MBEDTLS_PLATFORM_MEMORY
2018-09-19 05:59:20 -04:00
/** Override calloc(), free() except for case where memory allocation scheme is not set to custom */
# ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC
# include "esp_mem.h"
# define MBEDTLS_PLATFORM_STD_CALLOC esp_mbedtls_mem_calloc
# define MBEDTLS_PLATFORM_STD_FREE esp_mbedtls_mem_free
2018-07-27 13:03:01 -04:00
# endif
2016-08-05 02:39:38 -04:00
/* \} name SECTION: System support */
/**
* \ name SECTION : mbed TLS feature support
*
* This section sets support for features that are or are not needed
* within the modules that are enabled .
* \ {
*/
2016-09-08 05:41:43 -04:00
/* The following units have ESP32 hardware support,
uncommenting each _ALT macro will use the
hardware - accelerated implementation . */
2016-11-17 22:26:02 -05:00
# ifdef CONFIG_MBEDTLS_HARDWARE_AES
2016-09-08 05:41:43 -04:00
# define MBEDTLS_AES_ALT
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_AES_ALT
2016-11-17 22:26:02 -05:00
# endif
2016-09-14 03:52:39 -04:00
2020-01-16 01:31:10 -05:00
# ifdef CONFIG_MBEDTLS_HARDWARE_GCM
# define MBEDTLS_GCM_ALT
# else
# undef MBEDTLS_GCM_ALT
# endif
2016-11-20 00:29:29 -05:00
/* MBEDTLS_SHAxx_ALT to enable hardware SHA support
with software fallback .
*/
# ifdef CONFIG_MBEDTLS_HARDWARE_SHA
# define MBEDTLS_SHA1_ALT
# define MBEDTLS_SHA256_ALT
# define MBEDTLS_SHA512_ALT
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SHA1_ALT
# undef MBEDTLS_SHA256_ALT
# undef MBEDTLS_SHA512_ALT
2016-11-20 00:29:29 -05:00
# endif
2016-09-08 05:41:43 -04:00
/* The following MPI (bignum) functions have ESP32 hardware support,
Uncommenting these macros will use the hardware - accelerated
implementations .
*/
2016-11-17 22:26:02 -05:00
# ifdef CONFIG_MBEDTLS_HARDWARE_MPI
2016-09-20 07:24:58 -04:00
# define MBEDTLS_MPI_EXP_MOD_ALT
2016-09-19 04:00:03 -04:00
# define MBEDTLS_MPI_MUL_MPI_ALT
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_MPI_EXP_MOD_ALT
# undef MBEDTLS_MPI_MUL_MPI_ALT
2016-11-17 22:26:02 -05:00
# endif
2016-09-08 05:41:43 -04:00
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let mbed TLS use your own implementation of a
* hardware entropy collector .
*
* Your function must be called \ c mbedtls_hardware_poll ( ) , have the same
* prototype as declared in entropy_poll . h , and accept NULL as first argument .
*
* Uncomment to use your own hardware entropy collector .
*/
# define MBEDTLS_ENTROPY_HARDWARE_ALT
/**
* \ def MBEDTLS_AES_ROM_TABLES
*
* Store the AES tables in ROM .
*
* Uncomment this macro to store the AES tables in ROM .
*/
2016-08-08 01:56:36 -04:00
# define MBEDTLS_AES_ROM_TABLES
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_CIPHER_MODE_CBC
*
* Enable Cipher Block Chaining mode ( CBC ) for symmetric ciphers .
*/
# define MBEDTLS_CIPHER_MODE_CBC
/**
* \ def MBEDTLS_CIPHER_MODE_CFB
*
* Enable Cipher Feedback mode ( CFB ) for symmetric ciphers .
*/
# define MBEDTLS_CIPHER_MODE_CFB
/**
* \ def MBEDTLS_CIPHER_MODE_CTR
*
* Enable Counter Block Cipher mode ( CTR ) for symmetric ciphers .
*/
# define MBEDTLS_CIPHER_MODE_CTR
2018-07-02 07:10:43 -04:00
/**
2019-06-26 05:51:30 -04:00
* \ def MBEDTLS_CIPHER_MODE_OFB
2018-07-02 07:10:43 -04:00
*
2019-06-26 05:51:30 -04:00
* Enable Output Feedback mode ( OFB ) for symmetric ciphers .
2018-07-02 07:10:43 -04:00
*/
2019-06-26 05:51:30 -04:00
# define MBEDTLS_CIPHER_MODE_OFB
2018-07-02 07:10:43 -04:00
2016-08-05 02:39:38 -04:00
/**
2019-06-26 05:51:30 -04:00
* \ def MBEDTLS_CIPHER_MODE_XTS
2016-08-05 02:39:38 -04:00
*
2019-06-26 05:51:30 -04:00
* Enable Xor - encrypt - xor with ciphertext stealing mode ( XTS ) for AES .
2016-08-05 02:39:38 -04:00
*/
2019-06-26 05:51:30 -04:00
# define MBEDTLS_CIPHER_MODE_XTS
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_CIPHER_PADDING_PKCS7
*
* MBEDTLS_CIPHER_PADDING_XXX : Uncomment or comment macros to add support for
* specific padding modes in the cipher layer with cipher modes that support
* padding ( e . g . CBC )
*
* If you disable all padding modes , only full blocks can be used with CBC .
*
* Enable padding modes in the cipher layer .
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_CIPHER_PADDING_PKCS7
# define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
# define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
# define MBEDTLS_CIPHER_PADDING_ZEROS
2016-08-05 02:39:38 -04:00
/**
2019-06-26 05:51:30 -04:00
* \ def MBEDTLS_REMOVE_ARC4_CIPHERSUITES & MBEDTLS_ARC4_C
2019-09-30 02:15:43 -04:00
*
2019-06-26 05:51:30 -04:00
* MBEDTLS_ARC4_C
* Enable the ARCFOUR stream cipher .
2016-08-05 02:39:38 -04:00
*
2019-06-26 05:51:30 -04:00
* This module enables / disables the following ciphersuites
* MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
* MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
2016-08-05 02:39:38 -04:00
*
2019-06-26 05:51:30 -04:00
* MBEDTLS_REMOVE_ARC4_CIPHERSUITES
2016-08-05 02:39:38 -04:00
* This flag removes the ciphersuites based on RC4 from the default list as
* returned by mbedtls_ssl_list_ciphersuites ( ) . However , it is still possible to
* enable ( some of ) them with mbedtls_ssl_conf_ciphersuites ( ) by including them
* explicitly .
*
* Uncomment this macro to remove RC4 ciphersuites by default .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_RC4_ENABLED
2019-06-26 05:51:30 -04:00
# define MBEDTLS_ARC4_C
# undef MBEDTLS_REMOVE_ARC4_CIPHERSUITES
# elif defined CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT
# define MBEDTLS_ARC4_C
# define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
# else
# undef MBEDTLS_ARC4_C
2016-08-05 02:39:38 -04:00
# define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
2019-09-30 02:15:43 -04:00
/**
* \ def MBEDTLS_ECP_RESTARTABLE
*
* Enable " non-blocking " ECC operations that can return early and be resumed .
*
* This allows various functions to pause by returning
* # MBEDTLS_ERR_ECP_IN_PROGRESS ( or , for functions in the SSL module ,
* # MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) and then be called later again in
* order to further progress and eventually complete their operation . This is
* controlled through mbedtls_ecp_set_max_ops ( ) which limits the maximum
* number of ECC operations a function may perform before pausing ; see
* mbedtls_ecp_set_max_ops ( ) for more information .
*
* This is useful in non - threaded environments if you want to avoid blocking
* for too long on ECC ( and , hence , X .509 or SSL / TLS ) operations .
*
* Uncomment this macro to enable restartable ECC computations .
*
* \ note This option only works with the default software implementation of
* elliptic curve functionality . It is incompatible with
* MBEDTLS_ECP_ALT , MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT .
*/
# ifdef CONFIG_MBEDTLS_ECP_RESTARTABLE
# define MBEDTLS_ECP_RESTARTABLE
# endif
/**
* \ def MBEDTLS_CMAC_C
*
* Enable the CMAC ( Cipher - based Message Authentication Code ) mode for block
* ciphers .
*
* Module : library / cmac . c
*
* Requires : MBEDTLS_AES_C or MBEDTLS_DES_C
*
*/
# ifdef CONFIG_MBEDTLS_CMAC_C
# define MBEDTLS_CMAC_C
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_ECP_DP_SECP192R1_ENABLED
*
* MBEDTLS_ECP_XXXX_ENABLED : Enables specific curves within the Elliptic Curve
* module . By default all supported curves are enabled .
*
* Comment macros to disable the curve and functions for it
*/
2017-08-18 03:44:33 -04:00
# ifdef CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_SECP192R1_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_SECP192R1_ENABLED
2017-08-18 03:44:33 -04:00
# endif
# ifdef CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_SECP224R1_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_SECP224R1_ENABLED
2017-08-18 03:44:33 -04:00
# endif
# ifdef CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_SECP256R1_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_SECP256R1_ENABLED
2017-08-18 03:44:33 -04:00
# endif
# ifdef CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_SECP384R1_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_SECP384R1_ENABLED
2017-08-18 03:44:33 -04:00
# endif
# ifdef CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_SECP521R1_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_SECP521R1_ENABLED
2017-08-18 03:44:33 -04:00
# endif
# ifdef CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_SECP192K1_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_SECP192K1_ENABLED
2017-08-18 03:44:33 -04:00
# endif
# ifdef CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_SECP224K1_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_SECP224K1_ENABLED
2017-08-18 03:44:33 -04:00
# endif
# ifdef CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_SECP256K1_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_SECP256K1_ENABLED
2017-08-18 03:44:33 -04:00
# endif
# ifdef CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_BP256R1_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_BP256R1_ENABLED
2017-08-18 03:44:33 -04:00
# endif
# ifdef CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_BP384R1_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_BP384R1_ENABLED
2017-08-18 03:44:33 -04:00
# endif
# ifdef CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_BP512R1_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_BP512R1_ENABLED
2017-08-18 03:44:33 -04:00
# endif
# ifdef CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_DP_CURVE25519_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
# endif
# ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
# undef MBEDTLS_ECP_DP_CURVE448_ENABLED
2017-08-18 03:44:33 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_ECP_NIST_OPTIM
*
* Enable specific ' modulo p ' routines for each NIST prime .
* Depending on the prime and architecture , makes operations 4 to 8 times
* faster on the corresponding curve .
*
* Comment this macro to disable NIST curves optimisation .
*/
2017-08-18 03:44:33 -04:00
# ifdef CONFIG_MBEDTLS_ECP_NIST_OPTIM
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_NIST_OPTIM
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_NIST_OPTIM
2017-08-18 03:44:33 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_ECDSA_DETERMINISTIC
*
* Enable deterministic ECDSA ( RFC 6979 ) .
* Standard ECDSA is " fragile " in the sense that lack of entropy when signing
* may result in a compromise of the long - term signing key . This is avoided by
* the deterministic variant .
*
* Requires : MBEDTLS_HMAC_DRBG_C
*
* Comment this macro to disable deterministic ECDSA .
*/
2020-04-23 02:11:24 -04:00
# ifdef CONFIG_MBEDTLS_ECDSA_DETERMINISTIC
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECDSA_DETERMINISTIC
2020-04-23 02:11:24 -04:00
# else
# undef MBEDTLS_ECDSA_DETERMINISTIC
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
*
* Enable the PSK based ciphersuite modes in SSL / TLS .
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_PSK
2016-08-30 08:40:58 -04:00
# define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
*
* Enable the DHE - PSK based ciphersuite modes in SSL / TLS .
*
* Requires : MBEDTLS_DHM_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK
2016-08-30 08:40:58 -04:00
# define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
*
* Enable the ECDHE - PSK based ciphersuite modes in SSL / TLS .
*
* Requires : MBEDTLS_ECDH_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
2016-08-30 08:40:58 -04:00
# define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
*
* Enable the RSA - PSK based ciphersuite modes in SSL / TLS .
*
* Requires : MBEDTLS_RSA_C , MBEDTLS_PKCS1_V15 ,
* MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK
2016-08-05 02:39:38 -04:00
# define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
*
* Enable the RSA - only based ciphersuite modes in SSL / TLS .
*
* Requires : MBEDTLS_RSA_C , MBEDTLS_PKCS1_V15 ,
* MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA
2016-08-05 02:39:38 -04:00
# define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
*
* Enable the DHE - RSA based ciphersuite modes in SSL / TLS .
*
* Requires : MBEDTLS_DHM_C , MBEDTLS_RSA_C , MBEDTLS_PKCS1_V15 ,
* MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA
2016-08-30 08:40:58 -04:00
# define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
*
* Enable the ECDHE - RSA based ciphersuite modes in SSL / TLS .
*
* Requires : MBEDTLS_ECDH_C , MBEDTLS_RSA_C , MBEDTLS_PKCS1_V15 ,
* MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
2016-08-30 08:40:58 -04:00
# define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
*
* Enable the ECDHE - ECDSA based ciphersuite modes in SSL / TLS .
*
* Requires : MBEDTLS_ECDH_C , MBEDTLS_ECDSA_C , MBEDTLS_X509_CRT_PARSE_C ,
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
2016-08-30 08:40:58 -04:00
# define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
*
* Enable the ECDH - ECDSA based ciphersuite modes in SSL / TLS .
*
* Requires : MBEDTLS_ECDH_C , MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
2016-08-30 08:40:58 -04:00
# define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
*
* Enable the ECDH - RSA based ciphersuite modes in SSL / TLS .
*
* Requires : MBEDTLS_ECDH_C , MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA
2016-08-30 08:40:58 -04:00
# define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
2020-04-12 06:20:10 -04:00
/**
* \ def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
*
* Enable the ECJPAKE based ciphersuite modes in SSL / TLS .
*
* \ warning This is currently experimental . EC J - PAKE support is based on the
* Thread v1 .0 .0 specification ; incompatible changes to the specification
* might still happen . For this reason , this is disabled by default .
*
* Requires : MBEDTLS_ECJPAKE_C
* MBEDTLS_SHA256_C
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
*/
# ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECJPAKE
# define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
# else
# undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_PK_PARSE_EC_EXTENDED
*
* Enhance support for reading EC keys using variants of SEC1 not allowed by
* RFC 5915 and RFC 5480.
*
* Currently this means parsing the SpecifiedECDomain choice of EC
* parameters ( only known groups are supported , not arbitrary domains , to
* avoid validation issues ) .
*
* Disable if you only need to support RFC 5915 + 5480 key formats .
*/
# define MBEDTLS_PK_PARSE_EC_EXTENDED
/**
* \ def MBEDTLS_ERROR_STRERROR_DUMMY
*
* Enable a dummy error function to make use of mbedtls_strerror ( ) in
* third party libraries easier when MBEDTLS_ERROR_C is disabled
* ( no effect when MBEDTLS_ERROR_C is enabled ) .
*
* You can safely disable this if MBEDTLS_ERROR_C is enabled , or if you ' re
* not using mbedtls_strerror ( ) or error_strerror ( ) in your application .
*
* Disable if you run into name conflicts and want to really remove the
* mbedtls_strerror ( )
*/
# define MBEDTLS_ERROR_STRERROR_DUMMY
/**
* \ def MBEDTLS_GENPRIME
*
* Enable the prime - number generation code .
*
* Requires : MBEDTLS_BIGNUM_C
*/
# define MBEDTLS_GENPRIME
/**
* \ def MBEDTLS_FS_IO
*
* Enable functions that use the filesystem .
*/
2017-02-05 23:33:31 -05:00
# define MBEDTLS_FS_IO
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_NO_PLATFORM_ENTROPY
*
* Do not use built - in platform entropy functions .
* This is useful if your platform does not support
* standards like the / dev / urandom or Windows CryptoAPI .
*
* Uncomment this macro to disable the built - in platform entropy functions .
*/
# define MBEDTLS_NO_PLATFORM_ENTROPY
/**
* \ def MBEDTLS_PK_RSA_ALT_SUPPORT
*
* Support external private RSA keys ( eg from a HSM ) in the PK layer .
*
* Comment this macro to disable support for external private RSA keys .
*/
# define MBEDTLS_PK_RSA_ALT_SUPPORT
/**
* \ def MBEDTLS_PKCS1_V15
*
* Enable support for PKCS # 1 v1 .5 encoding .
*
* Requires : MBEDTLS_RSA_C
*
* This enables support for PKCS # 1 v1 .5 operations .
*/
# define MBEDTLS_PKCS1_V15
/**
* \ def MBEDTLS_PKCS1_V21
*
* Enable support for PKCS # 1 v2 .1 encoding .
*
* Requires : MBEDTLS_MD_C , MBEDTLS_RSA_C
*
* This enables support for RSAES - OAEP and RSASSA - PSS operations .
*/
# define MBEDTLS_PKCS1_V21
/**
* \ def MBEDTLS_SELF_TEST
*
* Enable the checkup functions ( * _self_test ) .
*/
# define MBEDTLS_SELF_TEST
/**
* \ def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC .
* If you choose not to send the alert messages , mbed TLS can still communicate
* with other servers , only debugging of failures is harder .
*
* The advantage of not sending alert messages , is that no information is given
* about reasons for failures thus preventing adversaries of gaining intel .
*
* Enable sending of all alert messages
*/
# define MBEDTLS_SSL_ALL_ALERT_MESSAGES
/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
*
* Enable support for Encrypt - then - MAC , RFC 7366.
*
* This allows peers that both support it to use a more robust protection for
* ciphersuites using CBC , providing deep resistance against timing attacks
* on the padding or underlying cipher .
*
* This only affects CBC ciphersuites , and is useless if none is defined .
*
* Requires : MBEDTLS_SSL_PROTO_TLS1 or
* MBEDTLS_SSL_PROTO_TLS1_1 or
* MBEDTLS_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for Encrypt - then - MAC
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_TLS_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_ENCRYPT_THEN_MAC
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
*
* Enable support for Extended Master Secret , aka Session Hash
* ( draft - ietf - tls - session - hash - 02 ) .
*
* This was introduced as " the proper fix " to the Triple Handshake familiy of
* attacks , but it is recommended to always use it ( even if you disable
* renegotiation ) , since it actually fixes a more fundamental issue in the
* original SSL / TLS design , and has implications beyond Triple Handshake .
*
* Requires : MBEDTLS_SSL_PROTO_TLS1 or
* MBEDTLS_SSL_PROTO_TLS1_1 or
* MBEDTLS_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for Extended Master Secret .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_TLS_ENABLED
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_FALLBACK_SCSV
*
* Enable support for FALLBACK_SCSV ( draft - ietf - tls - downgrade - scsv - 00 ) .
*
* For servers , it is recommended to always enable this , unless you support
* only one version of TLS , or know for sure that none of your clients
* implements a fallback strategy .
*
* For clients , you only need this if you ' re using a fallback strategy , which
* is not recommended in the first place , unless you absolutely need it to
* interoperate with buggy ( version - intolerant ) servers .
*
* Comment this macro to disable support for FALLBACK_SCSV
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_FALLBACK_SCSV
2016-08-05 02:39:38 -04:00
/**
2019-06-26 05:51:30 -04:00
* \ def MBEDTLS_SSL_PROTO_TLS1
2016-08-05 02:39:38 -04:00
*
2019-06-26 05:51:30 -04:00
* Enable support for TLS 1.0 .
2016-08-05 02:39:38 -04:00
*
2019-06-26 05:51:30 -04:00
* Requires : MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
*
* Comment this macro to disable support for TLS 1.0
2016-08-05 02:39:38 -04:00
*/
2019-06-26 05:51:30 -04:00
# ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1
# define MBEDTLS_SSL_PROTO_TLS1
# else
# undef MBEDTLS_SSL_PROTO_TLS1
# endif
/**
* \ def MBEDTLS_SSL_PROTO_SSL3
*
* Enable support for SSL 3.0 .
*
* Requires : MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
*
* Comment this macro to disable support for SSL 3.0
*/
# ifdef CONFIG_MBEDTLS_SSL_PROTO_SSL3
# define MBEDTLS_SSL_PROTO_SSL3
# else
# undef MBEDTLS_SSL_PROTO_SSL3
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_CBC_RECORD_SPLITTING
*
* Enable 1 / n - 1 record splitting for CBC mode in SSLv3 and TLS 1.0 .
*
* This is a countermeasure to the BEAST attack , which also minimizes the risk
* of interoperability issues compared to sending 0 - length records .
*
* Comment this macro to disable 1 / n - 1 record splitting .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
2016-08-05 02:39:38 -04:00
# define MBEDTLS_SSL_CBC_RECORD_SPLITTING
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_CBC_RECORD_SPLITTING
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_RENEGOTIATION
*
* Disable support for TLS renegotiation .
*
* The two main uses of renegotiation are ( 1 ) refresh keys on long - lived
* connections and ( 2 ) client authentication after the initial handshake .
* If you don ' t need renegotiation , it ' s probably better to disable it , since
* it has been associated with security issues in the past and is easy to
* misuse / misunderstand .
*
* Comment this to disable support for renegotiation .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_RENEGOTIATION
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_RENEGOTIATION
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
*
* Enable support for RFC 6066 max_fragment_length extension in SSL .
*
* Comment this macro to disable support for the max_fragment_length extension
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_PROTO_TLS1_1
*
* Enable support for TLS 1.1 ( and DTLS 1.0 if DTLS is enabled ) .
*
* Requires : MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
*
* Comment this macro to disable support for TLS 1.1 / DTLS 1.0
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_1
2016-08-05 02:39:38 -04:00
# define MBEDTLS_SSL_PROTO_TLS1_1
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_PROTO_TLS1_2
*
* Enable support for TLS 1.2 ( and DTLS 1.2 if DTLS is enabled ) .
*
* Requires : MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
* ( Depends on ciphersuites )
*
* Comment this macro to disable support for TLS 1.2 / DTLS 1.2
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_2
2016-08-05 02:39:38 -04:00
# define MBEDTLS_SSL_PROTO_TLS1_2
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_PROTO_TLS1_2
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_PROTO_DTLS
*
* Enable support for DTLS ( all available versions ) .
*
* Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0 ,
* and / or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2 .
*
* Requires : MBEDTLS_SSL_PROTO_TLS1_1
* or MBEDTLS_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for DTLS
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_PROTO_DTLS
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_PROTO_DTLS
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_ALPN
*
* Enable support for RFC 7301 Application Layer Protocol Negotiation .
*
* Comment this macro to disable support for ALPN .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_SSL_ALPN
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_ALPN
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_ALPN
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_DTLS_ANTI_REPLAY
*
* Enable support for the anti - replay mechanism in DTLS .
*
* Requires : MBEDTLS_SSL_TLS_C
* MBEDTLS_SSL_PROTO_DTLS
*
* \ warning Disabling this is often a security risk !
* See mbedtls_ssl_conf_dtls_anti_replay ( ) for details .
*
* Comment this to disable anti - replay in DTLS .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_DTLS_ANTI_REPLAY
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_DTLS_HELLO_VERIFY
*
* Enable support for HelloVerifyRequest on DTLS servers .
*
* This feature is highly recommended to prevent DTLS servers being used as
* amplifiers in DoS attacks against other hosts . It should always be enabled
* unless you know for sure amplification cannot be a problem in the
* environment in which your server operates .
*
* \ warning Disabling this can ba a security risk ! ( see above )
*
* Requires : MBEDTLS_SSL_PROTO_DTLS
*
* Comment this to disable support for HelloVerifyRequest .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_DTLS_HELLO_VERIFY
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
*
* Enable server - side support for clients that reconnect from the same port .
*
* Some clients unexpectedly close the connection and try to reconnect using the
* same source port . This needs special support from the server to handle the
* new connection securely , as described in section 4.2 .8 of RFC 6347. This
* flag enables that support .
*
* Requires : MBEDTLS_SSL_DTLS_HELLO_VERIFY
*
* Comment this to disable support for clients reusing the source port .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
*
* Enable support for a limit of records with bad MAC .
*
* See mbedtls_ssl_conf_dtls_badmac_limit ( ) .
*
* Requires : MBEDTLS_SSL_PROTO_DTLS
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_SESSION_TICKETS
*
* Enable support for RFC 5077 session tickets in SSL .
* Client - side , provides full support for session tickets ( maintainance of a
* session store remains the responsibility of the application , though ) .
* Server - side , you also need to provide callbacks for writing and parsing
* tickets , including authenticated encryption and key management . Example
* callbacks are provided by MBEDTLS_SSL_TICKET_C .
*
* Comment this macro to disable support for SSL session tickets
*/
2018-10-15 20:28:29 -04:00
# ifdef CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_SESSION_TICKETS
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_SESSION_TICKETS
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_EXPORT_KEYS
*
* Enable support for exporting key block and master secret .
* This is required for certain users of TLS , e . g . EAP - TLS .
*
* Comment this macro to disable support for key export
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_EXPORT_KEYS
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_SERVER_NAME_INDICATION
*
* Enable support for RFC 6066 server name indication ( SNI ) in SSL .
*
* Requires : MBEDTLS_X509_CRT_PARSE_C
*
* Comment this macro to disable support for server name indication in SSL
*/
# define MBEDTLS_SSL_SERVER_NAME_INDICATION
/**
* \ def MBEDTLS_SSL_TRUNCATED_HMAC
*
* Enable support for RFC 6066 truncated HMAC in SSL .
*
* Comment this macro to disable support for truncated HMAC in SSL
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_TRUNCATED_HMAC
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_VERSION_FEATURES
*
* Allow run - time checking of compile - time enabled features . Thus allowing users
* to check at run - time if the library is for instance compiled with threading
* support via mbedtls_version_check_feature ( ) .
*
* Requires : MBEDTLS_VERSION_C
*
* Comment this to disable run - time checking and save ROM space
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_VERSION_FEATURES
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_X509_CHECK_KEY_USAGE
*
* Enable verification of the keyUsage extension ( CA and leaf certificates ) .
*
* Disabling this avoids problems with mis - issued and / or misused
* ( intermediate ) CA and leaf certificates .
*
* \ warning Depending on your PKI use , disabling this can be a security risk !
*
* Comment to skip keyUsage checking for both CA and leaf certificates .
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_X509_CHECK_KEY_USAGE
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
*
* Enable verification of the extendedKeyUsage extension ( leaf certificates ) .
*
* Disabling this avoids problems with mis - issued and / or misused certificates .
*
* \ warning Depending on your PKI use , disabling this can be a security risk !
*
* Comment to skip extendedKeyUsage checking for certificates .
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_X509_RSASSA_PSS_SUPPORT
*
* Enable parsing and verification of X .509 certificates , CRLs and CSRS
* signed with RSASSA - PSS ( aka PKCS # 1 v2 .1 ) .
*
* Comment this macro to disallow using RSASSA - PSS in certificates .
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_X509_RSASSA_PSS_SUPPORT
2016-08-05 02:39:38 -04:00
2019-06-26 05:51:30 -04:00
2016-08-05 02:39:38 -04:00
/* \} name SECTION: mbed TLS feature support */
/**
* \ name SECTION : mbed TLS modules
*
* This section enables or disables entire modules in mbed TLS
* \ {
*/
/**
* \ def MBEDTLS_AESNI_C
*
* Enable AES - NI support on x86 - 64.
*
* Module : library / aesni . c
* Caller : library / aes . c
*
* Requires : MBEDTLS_HAVE_ASM
*
* This modules adds support for the AES - NI instructions on x86 - 64
*/
# define MBEDTLS_AESNI_C
/**
* \ def MBEDTLS_AES_C
*
* Enable the AES block cipher .
*
* Module : library / aes . c
* Caller : library / ssl_tls . c
* library / pem . c
* library / ctr_drbg . c
*
* This module enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
*
* PEM_PARSE uses AES for decrypting encrypted keys .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_AES_C
2016-08-05 02:39:38 -04:00
# define MBEDTLS_AES_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_AES_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_ASN1_PARSE_C
*
* Enable the generic ASN1 parser .
*
* Module : library / asn1 . c
* Caller : library / x509 . c
* library / dhm . c
* library / pkcs12 . c
* library / pkcs5 . c
* library / pkparse . c
*/
# define MBEDTLS_ASN1_PARSE_C
/**
* \ def MBEDTLS_ASN1_WRITE_C
*
* Enable the generic ASN1 writer .
*
* Module : library / asn1write . c
* Caller : library / ecdsa . c
* library / pkwrite . c
* library / x509_create . c
* library / x509write_crt . c
* library / mbedtls_x509write_csr . c
*/
# define MBEDTLS_ASN1_WRITE_C
/**
* \ def MBEDTLS_BASE64_C
*
* Enable the Base64 module .
*
* Module : library / base64 . c
* Caller : library / pem . c
*
* This module is required for PEM support ( required by X .509 ) .
*/
# define MBEDTLS_BASE64_C
/**
* \ def MBEDTLS_BIGNUM_C
*
* Enable the multi - precision integer library .
*
* Module : library / bignum . c
* Caller : library / dhm . c
* library / ecp . c
* library / ecdsa . c
* library / rsa . c
* library / ssl_tls . c
*
* This module is required for RSA , DHM and ECC ( ECDH , ECDSA ) support .
*/
# define MBEDTLS_BIGNUM_C
/**
* \ def MBEDTLS_BLOWFISH_C
*
* Enable the Blowfish block cipher .
*
* Module : library / blowfish . c
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_BLOWFISH_C
2016-08-30 08:40:58 -04:00
# define MBEDTLS_BLOWFISH_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_BLOWFISH_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_CAMELLIA_C
*
* Enable the Camellia block cipher .
*
* Module : library / camellia . c
* Caller : library / ssl_tls . c
*
* This module enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_CAMELLIA_C
2016-08-30 08:40:58 -04:00
# define MBEDTLS_CAMELLIA_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_CAMELLIA_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_CCM_C
*
* Enable the Counter with CBC - MAC ( CCM ) mode for 128 - bit block cipher .
*
* Module : library / ccm . c
*
* Requires : MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
*
* This module enables the AES - CCM ciphersuites , if other requisites are
* enabled as well .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_CCM_C
2016-08-30 08:40:58 -04:00
# define MBEDTLS_CCM_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_CCM_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_CERTS_C
*
* Enable the test certificates .
*
* Module : library / certs . c
* Caller :
*
* This module is used for testing ( ssl_client / server ) .
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_CERTS_C
2016-08-05 02:39:38 -04:00
2019-06-26 05:51:30 -04:00
/**
* \ def MBEDTLS_CHACHA20_C
*
2020-05-05 12:22:56 -04:00
* Enable the ChaCha20 stream cipher .
2019-06-26 05:51:30 -04:00
*
* Module : library / chacha20 . c
*/
2020-05-05 12:22:56 -04:00
# ifdef CONFIG_MBEDTLS_CHACHA20_C
# define MBEDTLS_CHACHA20_C
# else
2019-06-26 05:51:30 -04:00
# undef MBEDTLS_CHACHA20_C
# endif
/**
* \ def MBEDTLS_CHACHAPOLY_C
*
2020-05-05 12:22:56 -04:00
* Enable the ChaCha20 - Poly1305 AEAD algorithm .
2019-06-26 05:51:30 -04:00
*
* Module : library / chachapoly . c
*
* This module requires : MBEDTLS_CHACHA20_C , MBEDTLS_POLY1305_C
*/
2020-05-05 12:22:56 -04:00
# ifdef CONFIG_MBEDTLS_CHACHAPOLY_C
# define MBEDTLS_CHACHAPOLY_C
# else
2019-06-26 05:51:30 -04:00
# undef MBEDTLS_CHACHAPOLY_C
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_CIPHER_C
*
* Enable the generic cipher layer .
*
* Module : library / cipher . c
* Caller : library / ssl_tls . c
*
* Uncomment to enable generic cipher wrappers .
*/
# define MBEDTLS_CIPHER_C
/**
* \ def MBEDTLS_CTR_DRBG_C
*
* Enable the CTR_DRBG AES - 256 - based random generator .
*
* Module : library / ctr_drbg . c
* Caller :
*
* Requires : MBEDTLS_AES_C
*
* This module provides the CTR_DRBG AES - 256 random number generator .
*/
# define MBEDTLS_CTR_DRBG_C
/**
* \ def MBEDTLS_DEBUG_C
*
* Enable the debug functions .
*
* Module : library / debug . c
* Caller : library / ssl_cli . c
* library / ssl_srv . c
* library / ssl_tls . c
*
* This module provides debugging functions .
*/
2016-09-21 02:36:30 -04:00
# if CONFIG_MBEDTLS_DEBUG
2016-08-30 08:40:58 -04:00
# define MBEDTLS_DEBUG_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_DEBUG_C
2016-09-21 02:36:30 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_DES_C
*
* Enable the DES block cipher .
*
* Module : library / des . c
* Caller : library / pem . c
* library / ssl_tls . c
*
* This module enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
*
* PEM_PARSE uses DES / 3 DES for decrypting encrypted keys .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_DES_C
2016-08-30 08:40:58 -04:00
# define MBEDTLS_DES_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_DES_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_DHM_C
*
* Enable the Diffie - Hellman - Merkle module .
*
* Module : library / dhm . c
* Caller : library / ssl_cli . c
* library / ssl_srv . c
*
* This module is used by the following key exchanges :
* DHE - RSA , DHE - PSK
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_DHM_C
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_ECDH_C
*
* Enable the elliptic curve Diffie - Hellman library .
*
* Module : library / ecdh . c
* Caller : library / ssl_cli . c
* library / ssl_srv . c
*
* This module is used by the following key exchanges :
* ECDHE - ECDSA , ECDHE - RSA , DHE - PSK
*
* Requires : MBEDTLS_ECP_C
*/
2017-08-18 03:44:33 -04:00
# ifdef CONFIG_MBEDTLS_ECDH_C
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECDH_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECDH_C
2017-08-18 03:44:33 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_ECDSA_C
*
* Enable the elliptic curve DSA library .
*
* Module : library / ecdsa . c
* Caller :
*
* This module is used by the following key exchanges :
* ECDHE - ECDSA
*
* Requires : MBEDTLS_ECP_C , MBEDTLS_ASN1_WRITE_C , MBEDTLS_ASN1_PARSE_C
*/
2017-08-18 03:44:33 -04:00
# ifdef CONFIG_MBEDTLS_ECDSA_C
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECDSA_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECDSA_C
2017-08-18 03:44:33 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_ECJPAKE_C
*
* Enable the elliptic curve J - PAKE library .
*
* \ warning This is currently experimental . EC J - PAKE support is based on the
* Thread v1 .0 .0 specification ; incompatible changes to the specification
* might still happen . For this reason , this is disabled by default .
*
* Module : library / ecjpake . c
* Caller :
*
* This module is used by the following key exchanges :
* ECJPAKE
*
* Requires : MBEDTLS_ECP_C , MBEDTLS_MD_C
*/
2020-04-12 06:20:10 -04:00
# ifdef CONFIG_MBEDTLS_ECJPAKE_C
# define MBEDTLS_ECJPAKE_C
# else
# undef MBEDTLS_ECJPAKE_C
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_ECP_C
*
* Enable the elliptic curve over GF ( p ) library .
*
* Module : library / ecp . c
* Caller : library / ecdh . c
* library / ecdsa . c
* library / ecjpake . c
*
* Requires : MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
*/
2017-08-18 03:44:33 -04:00
# ifdef CONFIG_MBEDTLS_ECP_C
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ECP_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_ECP_C
2017-08-18 03:44:33 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_ENTROPY_C
*
* Enable the platform - specific entropy code .
*
* Module : library / entropy . c
* Caller :
*
* Requires : MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
*
* This module provides a generic entropy pool
*/
# define MBEDTLS_ENTROPY_C
/**
* \ def MBEDTLS_ERROR_C
*
* Enable error code to error string conversion .
*
* Module : library / error . c
* Caller :
*
* This module enables mbedtls_strerror ( ) .
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_ERROR_C
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_GCM_C
*
* Enable the Galois / Counter Mode ( GCM ) for AES .
*
* Module : library / gcm . c
*
* Requires : MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
*
* This module enables the AES - GCM and CAMELLIA - GCM ciphersuites , if other
* requisites are enabled as well .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_GCM_C
2016-08-30 08:40:58 -04:00
# define MBEDTLS_GCM_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_GCM_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
2019-06-26 05:51:30 -04:00
* \ def MBEDTLS_HKDF_C
2016-08-05 02:39:38 -04:00
*
2020-05-10 08:41:17 -04:00
* Enable the HKDF algorithm ( RFC 5869 ) .
2016-08-05 02:39:38 -04:00
*
2019-06-26 05:51:30 -04:00
* Module : library / hkdf . c
2016-08-05 02:39:38 -04:00
* Caller :
*
2019-06-26 05:51:30 -04:00
* Requires : MBEDTLS_MD_C
2016-08-05 02:39:38 -04:00
*
2020-05-10 08:41:17 -04:00
* This module enables support for the Hashed Message Authentication Code
2019-06-26 05:51:30 -04:00
* ( HMAC ) - based key derivation function ( HKDF ) .
2016-08-05 02:39:38 -04:00
*/
2020-05-10 08:41:17 -04:00
# ifdef CONFIG_MBEDTLS_HKDF_C
# define MBEDTLS_HKDF_C
# else
2019-06-26 05:51:30 -04:00
# undef MBEDTLS_HKDF_C
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_HMAC_DRBG_C
*
* Enable the HMAC_DRBG random generator .
*
* Module : library / hmac_drbg . c
* Caller :
*
* Requires : MBEDTLS_MD_C
*
* Uncomment to enable the HMAC_DRBG random number geerator .
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_HMAC_DRBG_C
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_MD_C
*
* Enable the generic message digest layer .
*
* Module : library / mbedtls_md . c
* Caller :
*
* Uncomment to enable generic message digest wrappers .
*/
# define MBEDTLS_MD_C
/**
* \ def MBEDTLS_MD5_C
*
* Enable the MD5 hash algorithm .
*
* Module : library / mbedtls_md5 . c
* Caller : library / mbedtls_md . c
* library / pem . c
* library / ssl_tls . c
*
* This module is required for SSL / TLS and X .509 .
* PEM_PARSE uses MD5 for decrypting encrypted keys .
*/
# define MBEDTLS_MD5_C
/**
* \ def MBEDTLS_NET_C
*
* Enable the TCP / IP networking routines .
*
* Module : library / net . c
*
* This module provides TCP / IP networking routines .
*/
2019-06-26 05:51:30 -04:00
# ifdef MBEDTLS_NET_C
# undef MBEDTLS_NET_C
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_OID_C
*
* Enable the OID database .
*
* Module : library / oid . c
* Caller : library / asn1write . c
* library / pkcs5 . c
* library / pkparse . c
* library / pkwrite . c
* library / rsa . c
* library / x509 . c
* library / x509_create . c
* library / mbedtls_x509_crl . c
* library / mbedtls_x509_crt . c
* library / mbedtls_x509_csr . c
* library / x509write_crt . c
* library / mbedtls_x509write_csr . c
*
* This modules translates between OIDs and internal values .
*/
# define MBEDTLS_OID_C
/**
* \ def MBEDTLS_PADLOCK_C
*
* Enable VIA Padlock support on x86 .
*
* Module : library / padlock . c
* Caller : library / aes . c
*
* Requires : MBEDTLS_HAVE_ASM
*
* This modules adds support for the VIA PadLock on x86 .
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_PADLOCK_C
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_PEM_PARSE_C
*
* Enable PEM decoding / parsing .
*
* Module : library / pem . c
* Caller : library / dhm . c
* library / pkparse . c
* library / mbedtls_x509_crl . c
* library / mbedtls_x509_crt . c
* library / mbedtls_x509_csr . c
*
* Requires : MBEDTLS_BASE64_C
*
* This modules adds support for decoding / parsing PEM files .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_PEM_PARSE_C
2016-08-05 02:39:38 -04:00
# define MBEDTLS_PEM_PARSE_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_PEM_PARSE_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_PEM_WRITE_C
*
* Enable PEM encoding / writing .
*
* Module : library / pem . c
* Caller : library / pkwrite . c
* library / x509write_crt . c
* library / mbedtls_x509write_csr . c
*
* Requires : MBEDTLS_BASE64_C
*
* This modules adds support for encoding / writing PEM files .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_PEM_WRITE_C
2016-08-05 02:39:38 -04:00
# define MBEDTLS_PEM_WRITE_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_PEM_WRITE_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_PK_C
*
* Enable the generic public ( asymetric ) key layer .
*
* Module : library / pk . c
* Caller : library / ssl_tls . c
* library / ssl_cli . c
* library / ssl_srv . c
*
* Requires : MBEDTLS_RSA_C or MBEDTLS_ECP_C
*
* Uncomment to enable generic public key wrappers .
*/
# define MBEDTLS_PK_C
/**
* \ def MBEDTLS_PK_PARSE_C
*
* Enable the generic public ( asymetric ) key parser .
*
* Module : library / pkparse . c
* Caller : library / mbedtls_x509_crt . c
* library / mbedtls_x509_csr . c
*
* Requires : MBEDTLS_PK_C
*
* Uncomment to enable generic public key parse functions .
*/
# define MBEDTLS_PK_PARSE_C
/**
* \ def MBEDTLS_PK_WRITE_C
*
* Enable the generic public ( asymetric ) key writer .
*
* Module : library / pkwrite . c
* Caller : library / x509write . c
*
* Requires : MBEDTLS_PK_C
*
* Uncomment to enable generic public key write functions .
*/
# define MBEDTLS_PK_WRITE_C
/**
* \ def MBEDTLS_PKCS5_C
*
* Enable PKCS # 5 functions .
*
* Module : library / pkcs5 . c
*
* Requires : MBEDTLS_MD_C
*
* This module adds support for the PKCS # 5 functions .
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_PKCS5_C
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_PKCS12_C
*
* Enable PKCS # 12 PBE functions .
* Adds algorithms for parsing PKCS # 8 encrypted private keys
*
* Module : library / pkcs12 . c
* Caller : library / pkparse . c
*
* Requires : MBEDTLS_ASN1_PARSE_C , MBEDTLS_CIPHER_C , MBEDTLS_MD_C
* Can use : MBEDTLS_ARC4_C
*
* This module enables PKCS # 12 functions .
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_PKCS12_C
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_PLATFORM_C
*
* Enable the platform abstraction layer that allows you to re - assign
* functions like calloc ( ) , free ( ) , snprintf ( ) , printf ( ) , fprintf ( ) , exit ( ) .
*
* Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
* or MBEDTLS_PLATFORM_XXX_MACRO directives , allowing the functions mentioned
* above to be specified at runtime or compile time respectively .
*
* \ note This abstraction layer must be enabled on Windows ( including MSYS2 )
* as other module rely on it for a fixed snprintf implementation .
*
* Module : library / platform . c
* Caller : Most other . c files
*
* This module enables abstraction of common ( libc ) functions .
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_PLATFORM_C
2016-08-05 02:39:38 -04:00
2019-06-26 05:51:30 -04:00
/**
* \ def MBEDTLS_POLY1305_C
*
2020-05-05 12:22:56 -04:00
* Enable the Poly1305 MAC algorithm .
2019-06-26 05:51:30 -04:00
*
* Module : library / poly1305 . c
* Caller : library / chachapoly . c
*/
2020-05-05 12:22:56 -04:00
# ifdef CONFIG_MBEDTLS_POLY1305_C
# define MBEDTLS_POLY1305_C
# else
2019-06-26 05:51:30 -04:00
# undef MBEDTLS_POLY1305_C
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_RIPEMD160_C
*
* Enable the RIPEMD - 160 hash algorithm .
*
* Module : library / mbedtls_ripemd160 . c
* Caller : library / mbedtls_md . c
*
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_RIPEMD160_C
2016-08-30 08:40:58 -04:00
# define MBEDTLS_RIPEMD160_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_RIPEMD160_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_RSA_C
*
* Enable the RSA public - key cryptosystem .
*
* Module : library / rsa . c
* Caller : library / ssl_cli . c
* library / ssl_srv . c
* library / ssl_tls . c
* library / x509 . c
*
* This module is used by the following key exchanges :
* RSA , DHE - RSA , ECDHE - RSA , RSA - PSK
*
* Requires : MBEDTLS_BIGNUM_C , MBEDTLS_OID_C
*/
# define MBEDTLS_RSA_C
/**
* \ def MBEDTLS_SHA1_C
*
* Enable the SHA1 cryptographic hash algorithm .
*
* Module : library / mbedtls_sha1 . c
* Caller : library / mbedtls_md . c
* library / ssl_cli . c
* library / ssl_srv . c
* library / ssl_tls . c
* library / x509write_crt . c
*
* This module is required for SSL / TLS and SHA1 - signed certificates .
*/
# define MBEDTLS_SHA1_C
/**
* \ def MBEDTLS_SHA256_C
*
* Enable the SHA - 224 and SHA - 256 cryptographic hash algorithms .
*
* Module : library / mbedtls_sha256 . c
* Caller : library / entropy . c
* library / mbedtls_md . c
* library / ssl_cli . c
* library / ssl_srv . c
* library / ssl_tls . c
*
* This module adds support for SHA - 224 and SHA - 256.
* This module is required for the SSL / TLS 1.2 PRF function .
*/
# define MBEDTLS_SHA256_C
/**
* \ def MBEDTLS_SHA512_C
*
* Enable the SHA - 384 and SHA - 512 cryptographic hash algorithms .
*
* Module : library / mbedtls_sha512 . c
* Caller : library / entropy . c
* library / mbedtls_md . c
* library / ssl_cli . c
* library / ssl_srv . c
*
* This module adds support for SHA - 384 and SHA - 512.
*/
2020-04-23 02:11:24 -04:00
# ifdef CONFIG_MBEDTLS_SHA512_C
2016-08-05 02:39:38 -04:00
# define MBEDTLS_SHA512_C
2020-04-23 02:11:24 -04:00
# else
# undef MBEDTLS_SHA512_C
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_CACHE_C
*
* Enable simple SSL cache implementation .
*
* Module : library / ssl_cache . c
* Caller :
*
* Requires : MBEDTLS_SSL_CACHE_C
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_CACHE_C
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_COOKIE_C
*
* Enable basic implementation of DTLS cookies for hello verification .
*
* Module : library / ssl_cookie . c
* Caller :
*/
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_COOKIE_C
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_TICKET_C
*
* Enable an implementation of TLS server - side callbacks for session tickets .
*
* Module : library / ssl_ticket . c
* Caller :
*
* Requires : MBEDTLS_CIPHER_C
*/
2018-10-15 20:28:29 -04:00
# ifdef CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS
2016-08-30 08:40:58 -04:00
# define MBEDTLS_SSL_TICKET_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_TICKET_C
2018-10-15 20:28:29 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_CLI_C
*
* Enable the SSL / TLS client code .
*
* Module : library / ssl_cli . c
* Caller :
*
* Requires : MBEDTLS_SSL_TLS_C
*
* This module is required for SSL / TLS client support .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_TLS_CLIENT
2016-08-05 02:39:38 -04:00
# define MBEDTLS_SSL_CLI_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_CLI_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_SRV_C
*
* Enable the SSL / TLS server code .
*
* Module : library / ssl_srv . c
* Caller :
*
* Requires : MBEDTLS_SSL_TLS_C
*
* This module is required for SSL / TLS server support .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_TLS_SERVER
2016-08-05 02:39:38 -04:00
# define MBEDTLS_SSL_SRV_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_SRV_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_SSL_TLS_C
*
* Enable the generic SSL / TLS code .
*
* Module : library / ssl_tls . c
* Caller : library / ssl_cli . c
* library / ssl_srv . c
*
* Requires : MBEDTLS_CIPHER_C , MBEDTLS_MD_C
* and at least one of the MBEDTLS_SSL_PROTO_XXX defines
*
* This module is required for SSL / TLS .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_TLS_ENABLED
2016-08-05 02:39:38 -04:00
# define MBEDTLS_SSL_TLS_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_SSL_TLS_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
2019-06-26 05:51:30 -04:00
* \ def MBEDTLS_TIMING_C
2016-08-05 02:39:38 -04:00
*
2019-06-26 05:51:30 -04:00
* Enable the semi - portable timing interface .
2016-08-05 02:39:38 -04:00
*
2019-06-26 05:51:30 -04:00
* \ note The provided implementation only works on POSIX / Unix ( including Linux ,
* BSD and OS X ) and Windows . On other platforms , you can either disable that
* module and provide your own implementations of the callbacks needed by
* \ c mbedtls_ssl_set_timer_cb ( ) for DTLS , or leave it enabled and provide
* your own implementation of the whole module by setting
* \ c MBEDTLS_TIMING_ALT in the current file .
2016-08-05 02:39:38 -04:00
*
2019-06-26 05:51:30 -04:00
* \ note See also our Knowledge Base article about porting to a new
* environment :
* https : //tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
2016-08-05 02:39:38 -04:00
*
* Module : library / timing . c
* Caller : library / havege . c
*
* This module is used by the HAVEGE random number generator .
*/
2019-06-26 05:51:30 -04:00
# ifdef MBEDTLS_TIMING_C
# undef MBEDTLS_TIMING_C
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_VERSION_C
*
* Enable run - time version information .
*
* Module : library / version . c
*
* This module provides run - time version information .
*/
# define MBEDTLS_VERSION_C
/**
* \ def MBEDTLS_X509_USE_C
*
* Enable X .509 core for using certificates .
*
* Module : library / x509 . c
* Caller : library / mbedtls_x509_crl . c
* library / mbedtls_x509_crt . c
* library / mbedtls_x509_csr . c
*
* Requires : MBEDTLS_ASN1_PARSE_C , MBEDTLS_BIGNUM_C , MBEDTLS_OID_C ,
* MBEDTLS_PK_PARSE_C
*
* This module is required for the X .509 parsing modules .
*/
# define MBEDTLS_X509_USE_C
/**
* \ def MBEDTLS_X509_CRT_PARSE_C
*
* Enable X .509 certificate parsing .
*
* Module : library / mbedtls_x509_crt . c
* Caller : library / ssl_cli . c
* library / ssl_srv . c
* library / ssl_tls . c
*
* Requires : MBEDTLS_X509_USE_C
*
* This module is required for X .509 certificate parsing .
*/
# define MBEDTLS_X509_CRT_PARSE_C
/**
* \ def MBEDTLS_X509_CRL_PARSE_C
*
* Enable X .509 CRL parsing .
*
* Module : library / mbedtls_x509_crl . c
* Caller : library / mbedtls_x509_crt . c
*
* Requires : MBEDTLS_X509_USE_C
*
* This module is required for X .509 CRL parsing .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_X509_CRL_PARSE_C
2016-08-05 02:39:38 -04:00
# define MBEDTLS_X509_CRL_PARSE_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_X509_CRL_PARSE_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_X509_CSR_PARSE_C
*
* Enable X .509 Certificate Signing Request ( CSR ) parsing .
*
* Module : library / mbedtls_x509_csr . c
* Caller : library / x509_crt_write . c
*
* Requires : MBEDTLS_X509_USE_C
*
* This module is used for reading X .509 certificate request .
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_X509_CSR_PARSE_C
2016-08-05 02:39:38 -04:00
# define MBEDTLS_X509_CSR_PARSE_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_X509_CSR_PARSE_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_X509_CREATE_C
*
* Enable X .509 core for creating certificates .
*
* Module : library / x509_create . c
*
* Requires : MBEDTLS_BIGNUM_C , MBEDTLS_OID_C , MBEDTLS_PK_WRITE_C
*
* This module is the basis for creating X .509 certificates and CSRs .
*/
# define MBEDTLS_X509_CREATE_C
/**
* \ def MBEDTLS_X509_CRT_WRITE_C
*
* Enable creating X .509 certificates .
*
* Module : library / x509_crt_write . c
*
* Requires : MBEDTLS_X509_CREATE_C
*
* This module is required for X .509 certificate creation .
*/
# define MBEDTLS_X509_CRT_WRITE_C
2019-12-04 23:30:17 -05:00
/**
* \ def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
* Alow the X509 parser to not break - off when parsing an X509 certificate
* and encountering an unknown critical extension .
*
* Module : library / x509_crt . c
*
* Requires : MBEDTLS_X509_CRT_PARSE_C
*
* This module is supports loading of certificates with extensions that
* may not be supported by mbedtls .
*/
# ifdef CONFIG_MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
# define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
# else
# undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
# endif
2016-08-05 02:39:38 -04:00
/**
* \ def MBEDTLS_X509_CSR_WRITE_C
*
* Enable creating X .509 Certificate Signing Requests ( CSR ) .
*
* Module : library / x509_csr_write . c
*
* Requires : MBEDTLS_X509_CREATE_C
*
* This module is required for X .509 certificate request writing .
*/
# define MBEDTLS_X509_CSR_WRITE_C
/**
* \ def MBEDTLS_XTEA_C
*
* Enable the XTEA block cipher .
*
* Module : library / xtea . c
* Caller :
*/
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# ifdef CONFIG_MBEDTLS_XTEA_C
2016-08-05 02:39:38 -04:00
# define MBEDTLS_XTEA_C
2019-06-26 05:51:30 -04:00
# else
# undef MBEDTLS_XTEA_C
mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-17 03:15:04 -04:00
# endif
2016-08-05 02:39:38 -04:00
/* \} name SECTION: mbed TLS modules */
/**
* \ name SECTION : Module configuration options
*
* This section allows for the setting of module specific sizes and
* configuration options . The default values are already present in the
* relevant header files and should suffice for the regular use cases .
*
* Our advice is to enable options and change their values here
* only if you have a good reason and know the consequences .
*
* Please check the respective header file for documentation on these
* parameters ( to prevent duplicate documentation ) .
* \ {
*/
/* SSL options */
2018-09-19 05:59:20 -04:00
# ifndef CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN
2016-08-30 08:40:58 -04:00
2016-09-21 02:36:30 -04:00
# define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
2018-09-19 05:59:20 -04:00
# else
/** \def MBEDTLS_SSL_IN_CONTENT_LEN
*
* Maximum incoming fragment length in bytes .
*
* Uncomment to set the size of the inward TLS buffer independently of the
* outward buffer .
*/
# define MBEDTLS_SSL_IN_CONTENT_LEN CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
*
* Maximum outgoing fragment length in bytes .
*
* Uncomment to set the size of the outward TLS buffer independently of the
* inward buffer .
*
* It is possible to save RAM by setting a smaller outward buffer , while keeping
* the default inward 16384 byte buffer to conform to the TLS specification .
*
* The minimum required outward buffer size is determined by the handshake
* protocol ' s usage . Handshaking will fail if the outward buffer is too small .
* The specific size requirement depends on the configured ciphers and any
* certificate data which is sent during the handshake .
*
* For absolute minimum RAM usage , it ' s best to enable
* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and reduce MBEDTLS_SSL_MAX_CONTENT_LEN . This
* reduces both incoming and outgoing buffer sizes . However this is only
* guaranteed if the other end of the connection also supports the TLS
* max_fragment_len extension . Otherwise the connection may fail .
*/
# define MBEDTLS_SSL_OUT_CONTENT_LEN CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN
# endif /* !CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN */
2017-09-06 01:05:55 -04:00
/**
* Allow SHA - 1 in the default TLS configuration for TLS 1.2 handshake
* signature and ciphersuite selection . Without this build - time option , SHA - 1
* support must be activated explicitly through mbedtls_ssl_conf_sig_hashes .
* The use of SHA - 1 in TLS < = 1.1 and in HMAC - SHA - 1 is always allowed by
* default . At the time of writing , there is no practical attack on the use
* of SHA - 1 in handshake signatures , hence this option is turned on by default
* for compatibility with existing peers .
*/
# define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
2020-04-23 02:11:24 -04:00
/**
* \ def MBEDTLS_THREADING_C
*
* Enable the threading abstraction layer .
* By default mbed TLS assumes it is used in a non - threaded environment or that
* contexts are not shared between threads . If you do intend to use contexts
* between threads , you will need to enable this layer to prevent race
* conditions . See also our Knowledge Base article about threading :
* https : //tls.mbed.org/kb/development/thread-safety-and-multi-threading
*
* Module : library / threading . c
*
* This allows different threading implementations ( self - implemented or
* provided ) .
*
* You will have to enable either MBEDTLS_THREADING_ALT or
* MBEDTLS_THREADING_PTHREAD .
*
* Enable this layer to allow use of mutexes within mbed TLS
*/
# ifdef CONFIG_MBEDTLS_THREADING_C
# define MBEDTLS_THREADING_C
# else
# undef MBEDTLS_THREADING_C
# endif
/**
* \ def MBEDTLS_THREADING_ALT
*
* Provide your own alternate threading implementation .
*
* Requires : MBEDTLS_THREADING_C
*
* Uncomment this to allow your own alternate threading implementation .
*/
# ifdef CONFIG_MBEDTLS_THREADING_ALT
# define MBEDTLS_THREADING_ALT
# else
# undef MBEDTLS_THREADING_ALT
# endif
/**
* \ def MBEDTLS_THREADING_PTHREAD
*
* Enable the pthread wrapper layer for the threading layer .
*
* Requires : MBEDTLS_THREADING_C
*
* Uncomment this to enable pthread mutexes .
*/
# ifdef CONFIG_MBEDTLS_THREADING_PTHREAD
# define MBEDTLS_THREADING_PTHREAD
# else
# undef MBEDTLS_THREADING_PTHREAD
# endif
2016-08-05 02:39:38 -04:00
/* \} name SECTION: Module configuration options */
# if defined(TARGET_LIKE_MBED)
# include "mbedtls/target_config.h"
# endif
/*
* Allow user to override any previous default .
*
* Use two macro names for that , as :
* - with yotta the prefix YOTTA_CFG_ is forced
* - without yotta is looks weird to have a YOTTA prefix .
*/
# if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
# include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
# elif defined(MBEDTLS_USER_CONFIG_FILE)
# include MBEDTLS_USER_CONFIG_FILE
# endif
2016-09-09 00:06:14 -04:00
# include "mbedtls/check_config.h"
2016-08-05 02:39:38 -04:00
# endif /* MBEDTLS_CONFIG_H */