 |
Mbed OS Reference
|
|
Mbed OS Reference
|
Data Structures | |
| union | mbedtls_ssl_premaster_secret |
| struct | mbedtls_ssl_session |
| struct | mbedtls_ssl_config |
| SSL/TLS configuration to be shared between mbedtls_ssl_context structures. More... | |
| struct | mbedtls_ssl_context |
| struct | mbedtls_ssl_ticket_key |
| Information for session ticket protection. More... | |
Macros | |
| #define | MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 |
| The requested feature is not available. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 |
| Bad input parameters to function. More... | |
| #define | MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 |
| Verification of the message MAC failed. More... | |
| #define | MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 |
| An invalid SSL record was received. More... | |
| #define | MBEDTLS_ERR_SSL_CONN_EOF -0x7280 |
| The connection indicated an EOF. More... | |
| #define | MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 |
| An unknown cipher was received. More... | |
| #define | MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 |
| The server has no ciphersuites in common with the client. More... | |
| #define | MBEDTLS_ERR_SSL_NO_RNG -0x7400 |
| No RNG was provided to the SSL module. More... | |
| #define | MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 |
| No client certification received from the client, but required by the authentication mode. More... | |
| #define | MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 |
| Our own certificate(s) is/are too large to send in an SSL message. More... | |
| #define | MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 |
| The own certificate is not set, but needed by the server. More... | |
| #define | MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 |
| The own private key or pre-shared key is not set, but needed. More... | |
| #define | MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 |
| No CA Chain is set, but required to operate. More... | |
| #define | MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 |
| An unexpected message was received from our peer. More... | |
| #define | MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 |
| A fatal alert message was received from our peer. More... | |
| #define | MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 |
| Verification of our peer failed. More... | |
| #define | MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 |
| The peer notified us that the connection is going to be closed. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 |
| Processing of the ClientHello handshake message failed. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 |
| Processing of the ServerHello handshake message failed. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 |
| Processing of the Certificate handshake message failed. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 |
| Processing of the CertificateRequest handshake message failed. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 |
| Processing of the ServerKeyExchange handshake message failed. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 |
| Processing of the ServerHelloDone handshake message failed. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 |
| Processing of the ClientKeyExchange handshake message failed. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 |
| Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 |
| Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 |
| Processing of the CertificateVerify handshake message failed. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 |
| Processing of the ChangeCipherSpec handshake message failed. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 |
| Processing of the Finished handshake message failed. More... | |
| #define | MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 |
| Memory allocation failed. More... | |
| #define | MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 |
| Hardware acceleration function returned with error. More... | |
| #define | MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 |
| Hardware acceleration function skipped / left alone data. More... | |
| #define | MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00 |
| Processing of the compression / decompression failed. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 |
| Handshake protocol not within min/max boundaries. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 |
| Processing of the NewSessionTicket handshake message failed. More... | |
| #define | MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 |
| Session ticket has expired. More... | |
| #define | MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 |
| Public key type mismatch (eg, asked for RSA key exchange and presented EC key) More... | |
| #define | MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 |
| Unknown identity received (eg, PSK identity) More... | |
| #define | MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 |
| Internal error (eg, unexpected failure in lower-level module) More... | |
| #define | MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 |
| A counter would wrap (eg, too many messages exchanged). More... | |
| #define | MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 |
| Unexpected message at ServerHello in renegotiation. More... | |
| #define | MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 |
| DTLS client must retry for hello verification. More... | |
| #define | MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 |
| A buffer is too small to receive or write a message. More... | |
| #define | MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 |
| None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). More... | |
| #define | MBEDTLS_ERR_SSL_WANT_READ -0x6900 |
| No data of requested type currently available on underlying transport. More... | |
| #define | MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 |
| Connection requires a write call. More... | |
| #define | MBEDTLS_ERR_SSL_TIMEOUT -0x6800 |
| The operation timed out. More... | |
| #define | MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 |
| The client initiated a reconnect from the same port. More... | |
| #define | MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 |
| Record header looks valid but is not expected. More... | |
| #define | MBEDTLS_ERR_SSL_NON_FATAL -0x6680 |
| The alert message received indicates a non-fatal error. More... | |
| #define | MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 |
| Couldn't set the hash for verifying CertificateVerify. More... | |
| #define | MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 |
| Internal-only message signaling that further message-processing should be done. More... | |
| #define | MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 |
| The asynchronous operation is not completed yet. More... | |
| #define | MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 |
| Internal-only message signaling that a message arrived early. More... | |
| #define | MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 |
| An encrypted DTLS-frame with an unexpected CID was received. More... | |
| #define | MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 |
| An operation failed due to an unexpected version or configuration. More... | |
| #define | MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 |
| A cryptographic operation is in progress. More... | |
| #define | MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 |
| Invalid value in SSL config. More... | |
| #define | MBEDTLS_SSL_MINOR_VERSION_0 0 |
| #define | MBEDTLS_SSL_MINOR_VERSION_1 1 |
| #define | MBEDTLS_SSL_MINOR_VERSION_2 2 |
| #define | MBEDTLS_SSL_MINOR_VERSION_3 3 |
| #define | MBEDTLS_SSL_MINOR_VERSION_4 4 |
| #define | MBEDTLS_SSL_TRANSPORT_STREAM 0 |
| #define | MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 |
| #define | MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 |
| #define | MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 |
| #define | MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 |
| #define | MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 |
| #define | MBEDTLS_SSL_MAX_FRAG_LEN_512 1 |
| #define | MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 |
| #define | MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 |
| #define | MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 |
| #define | MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 |
| #define | MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF |
| renegotiation info ext More... | |
| #define | MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 |
| RFC 7507 section 2. More... | |
Typedefs | |
| typedef int | mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len) |
| Callback type: send data on the network. More... | |
| typedef int | mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len) |
| Callback type: receive data from the network. More... | |
| typedef int | mbedtls_ssl_recv_timeout_t(void *ctx, unsigned char *buf, size_t len, uint32_t timeout) |
| Callback type: receive data from the network, with timeout. More... | |
| typedef void | mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms) |
| Callback type: set a pair of timers/delays to watch. More... | |
| typedef int | mbedtls_ssl_get_timer_t(void *ctx) |
| Callback type: get status of timers/delays. More... | |
| typedef int | mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime) |
| Callback type: generate and write session ticket. More... | |
| typedef int | mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len) |
| Callback type: parse and load session ticket. More... | |
| typedef int | mbedtls_ssl_cookie_write_t(void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen) |
| Callback type: generate a cookie. More... | |
| typedef int | mbedtls_ssl_cookie_check_t(void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen) |
| Callback type: verify a cookie. More... | |
SECTION: Module settings | |
The configuration options you can set for this module are in this section. Either change them in config.h or define them on the compiler command line. | |
| #define | MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 |
| Lifetime of session tickets (if enabled) More... | |
| #define | MBEDTLS_SSL_MAX_CONTENT_LEN 16384 |
| Size of the input / output buffer. More... | |
| #define | MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
| #define | MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
| #define | MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 |
| #define | MBEDTLS_SSL_CID_IN_LEN_MAX 32 |
| #define | MBEDTLS_SSL_CID_OUT_LEN_MAX 32 |
| #define | MBEDTLS_SSL_CID_PADDING_GRANULARITY 16 |
| #define | MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1 |
| #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 |
| #define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 |
| #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 |
| #define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 |
| #define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 |
| #define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 |
| #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 |
| #define MBEDTLS_ERR_SSL_NO_RNG -0x7400 |
| #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 |
| #define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 |
| #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 |
| #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 |
| #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 |
| #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 |
| #define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 |
| #define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 |
| #define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 |
| #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 |
| #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 |
| #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 |
| #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 |
| #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 |
| #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 |
| #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 |
| #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 |
| #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 |
| #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 |
| #define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 |
| #define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 |
| #define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 |
| #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 |
| #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 |
| #define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00 |
| #define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 |
| #define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 |
| #define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 |
| #define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 |
| #define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 |
| #define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 |
| #define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 |
| #define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 |
| #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 |
| #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 |
| #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 |
| #define MBEDTLS_ERR_SSL_WANT_READ -0x6900 |
| #define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 |
| #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 |
| #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 |
| #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 |
| #define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 |
| #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 |
| #define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 |
| #define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 |
| #define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 |
| #define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 |
| #define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 |
| #define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 |
| #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 |
| #define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 |
| #define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 |
| #define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 |
| #define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 |
| #define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 |
| #define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 |
| #define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 |
| #define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 |
| #define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 |
| #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 |
| #define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF |
| #define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 |
| #define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 |
Weak!
Definition at line 47 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 |
Weak!
Definition at line 48 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09 |
Weak! Not in TLS 1.2.
Definition at line 52 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 |
Weak! Not in TLS 1.2.
Definition at line 56 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C |
Weak!
Definition at line 59 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D |
Weak!
Definition at line 60 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E |
Weak!
Definition at line 61 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B |
Weak!
Definition at line 68 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C |
TLS 1.2.
Definition at line 69 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D |
TLS 1.2.
Definition at line 70 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 |
TLS 1.2.
Definition at line 75 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B |
TLS 1.2.
Definition at line 76 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C |
TLS 1.2.
Definition at line 96 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D |
TLS 1.2.
Definition at line 97 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E |
TLS 1.2.
Definition at line 98 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F |
TLS 1.2.
Definition at line 99 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 |
TLS 1.2.
Definition at line 101 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 |
TLS 1.2.
Definition at line 102 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA |
TLS 1.2.
Definition at line 103 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB |
TLS 1.2.
Definition at line 104 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC |
TLS 1.2.
Definition at line 105 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD |
TLS 1.2.
Definition at line 106 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 |
Weak!
Definition at line 110 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 |
Weak!
Definition at line 111 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 |
Weak!
Definition at line 115 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 |
Weak!
Definition at line 116 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8 |
Weak!
Definition at line 120 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9 |
Weak!
Definition at line 121 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA |
TLS 1.2.
Definition at line 123 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE |
TLS 1.2.
Definition at line 124 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 |
TLS 1.2.
Definition at line 126 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 |
TLS 1.2.
Definition at line 127 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 |
Weak!
Definition at line 129 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 |
Not in SSL3!
Definition at line 130 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 |
Not in SSL3!
Definition at line 131 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 |
Not in SSL3!
Definition at line 132 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 |
Not in SSL3!
Definition at line 133 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 |
Weak!
Definition at line 135 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 |
Not in SSL3!
Definition at line 136 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 |
Not in SSL3!
Definition at line 137 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 |
Not in SSL3!
Definition at line 138 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A |
Not in SSL3!
Definition at line 139 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B |
Weak!
Definition at line 141 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C |
Not in SSL3!
Definition at line 142 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D |
Not in SSL3!
Definition at line 143 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E |
Not in SSL3!
Definition at line 144 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F |
Not in SSL3!
Definition at line 145 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 |
Weak!
Definition at line 147 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 |
Not in SSL3!
Definition at line 148 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 |
Not in SSL3!
Definition at line 149 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 |
Not in SSL3!
Definition at line 150 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 |
Not in SSL3!
Definition at line 151 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 |
TLS 1.2.
Definition at line 153 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 |
TLS 1.2.
Definition at line 154 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 |
TLS 1.2.
Definition at line 155 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 |
TLS 1.2.
Definition at line 156 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 |
TLS 1.2.
Definition at line 157 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 |
TLS 1.2.
Definition at line 158 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 |
TLS 1.2.
Definition at line 159 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A |
TLS 1.2.
Definition at line 160 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B |
TLS 1.2.
Definition at line 162 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C |
TLS 1.2.
Definition at line 163 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D |
TLS 1.2.
Definition at line 164 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E |
TLS 1.2.
Definition at line 165 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F |
TLS 1.2.
Definition at line 166 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 |
TLS 1.2.
Definition at line 167 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 |
TLS 1.2.
Definition at line 168 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 |
TLS 1.2.
Definition at line 169 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 |
Not in SSL3!
Definition at line 171 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 |
Not in SSL3!
Definition at line 172 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 |
Not in SSL3!
Definition at line 173 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 |
Not in SSL3!
Definition at line 174 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 |
Not in SSL3!
Definition at line 175 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 |
Not in SSL3!
Definition at line 176 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 |
Weak! No SSL3!
Definition at line 177 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A |
Weak! No SSL3!
Definition at line 178 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B |
Weak! No SSL3!
Definition at line 179 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C |
TLS 1.2.
Definition at line 181 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D |
TLS 1.2.
Definition at line 182 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 |
TLS 1.2.
Definition at line 183 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 |
TLS 1.2.
Definition at line 184 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 |
TLS 1.2.
Definition at line 185 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 |
TLS 1.2.
Definition at line 186 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A |
TLS 1.2.
Definition at line 187 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B |
TLS 1.2.
Definition at line 188 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C |
TLS 1.2.
Definition at line 189 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D |
TLS 1.2.
Definition at line 190 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E |
TLS 1.2.
Definition at line 191 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F |
TLS 1.2.
Definition at line 192 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 |
TLS 1.2.
Definition at line 193 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 |
TLS 1.2.
Definition at line 194 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 |
TLS 1.2.
Definition at line 195 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 |
TLS 1.2.
Definition at line 196 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C |
TLS 1.2.
Definition at line 197 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D |
TLS 1.2.
Definition at line 198 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E |
TLS 1.2.
Definition at line 199 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F |
TLS 1.2.
Definition at line 200 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 |
TLS 1.2.
Definition at line 201 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 |
TLS 1.2.
Definition at line 202 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 |
TLS 1.2.
Definition at line 203 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 |
TLS 1.2.
Definition at line 204 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 |
TLS 1.2.
Definition at line 205 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 |
TLS 1.2.
Definition at line 206 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 |
TLS 1.2.
Definition at line 207 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 |
TLS 1.2.
Definition at line 208 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 |
TLS 1.2.
Definition at line 209 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 |
TLS 1.2.
Definition at line 210 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A |
TLS 1.2.
Definition at line 211 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B |
TLS 1.2.
Definition at line 212 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C |
TLS 1.2.
Definition at line 213 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D |
TLS 1.2.
Definition at line 214 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E |
TLS 1.2.
Definition at line 215 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F |
TLS 1.2.
Definition at line 216 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 |
TLS 1.2.
Definition at line 217 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 |
TLS 1.2.
Definition at line 218 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 |
Not in SSL3!
Definition at line 220 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 |
Not in SSL3!
Definition at line 221 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 |
Not in SSL3!
Definition at line 222 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 |
Not in SSL3!
Definition at line 223 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 |
Not in SSL3!
Definition at line 224 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 |
Not in SSL3!
Definition at line 225 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 |
Not in SSL3!
Definition at line 226 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 |
Not in SSL3!
Definition at line 227 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A |
TLS 1.2.
Definition at line 229 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B |
TLS 1.2.
Definition at line 230 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C |
TLS 1.2.
Definition at line 231 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D |
TLS 1.2.
Definition at line 232 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 |
TLS 1.2.
Definition at line 233 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 |
TLS 1.2.
Definition at line 234 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 |
TLS 1.2.
Definition at line 235 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 |
TLS 1.2.
Definition at line 236 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A |
TLS 1.2.
Definition at line 237 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B |
TLS 1.2.
Definition at line 238 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C |
TLS 1.2.
Definition at line 239 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D |
TLS 1.2.
Definition at line 240 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E |
TLS 1.2.
Definition at line 242 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F |
TLS 1.2.
Definition at line 243 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 |
TLS 1.2.
Definition at line 244 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 |
TLS 1.2.
Definition at line 245 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092 |
TLS 1.2.
Definition at line 246 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093 |
TLS 1.2.
Definition at line 247 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A |
Not in SSL3!
Definition at line 255 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B |
Not in SSL3!
Definition at line 256 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C |
TLS 1.2.
Definition at line 258 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D |
TLS 1.2.
Definition at line 259 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E |
TLS 1.2.
Definition at line 260 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F |
TLS 1.2.
Definition at line 261 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 |
TLS 1.2.
Definition at line 262 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 |
TLS 1.2.
Definition at line 263 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 |
TLS 1.2.
Definition at line 264 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 |
TLS 1.2.
Definition at line 265 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 |
TLS 1.2.
Definition at line 266 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 |
TLS 1.2.
Definition at line 267 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 |
TLS 1.2.
Definition at line 268 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 |
TLS 1.2.
Definition at line 269 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 |
TLS 1.2.
Definition at line 270 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 |
TLS 1.2.
Definition at line 271 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA |
TLS 1.2.
Definition at line 272 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB |
TLS 1.2.
Definition at line 273 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC |
TLS 1.2.
Definition at line 276 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD |
TLS 1.2.
Definition at line 277 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE |
TLS 1.2.
Definition at line 278 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF |
TLS 1.2.
Definition at line 279 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF |
experimental
Definition at line 281 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 |
TLS 1.2.
Definition at line 284 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 |
TLS 1.2.
Definition at line 285 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA |
TLS 1.2.
Definition at line 286 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB |
TLS 1.2.
Definition at line 287 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC |
TLS 1.2.
Definition at line 288 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD |
TLS 1.2.
Definition at line 289 of file ssl_ciphersuites.h.
| #define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE |
TLS 1.2.
Definition at line 290 of file ssl_ciphersuites.h.
| #define MBEDTLS_CIPHERSUITE_WEAK 0x01 |
Weak ciphersuite flag
Definition at line 385 of file ssl_ciphersuites.h.
| #define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02 |
Short authentication tag, eg for CCM_8.
Definition at line 387 of file ssl_ciphersuites.h.
| #define MBEDTLS_CIPHERSUITE_NODTLS 0x04 |
Can't be used with DTLS.
Definition at line 388 of file ssl_ciphersuites.h.
| typedef int mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len) |
Callback type: send data on the network.
| ctx | Context for the send callback (typically a file descriptor) |
| buf | Buffer holding the data to send |
| len | Length of the data to send |
MBEDTLS_ERR_SSL_WANT_WRITE must be returned when the operation would block.| typedef int mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len) |
Callback type: receive data from the network.
| ctx | Context for the receive callback (typically a file descriptor) |
| buf | Buffer to write the received data to |
| len | Length of the receive buffer |
MBEDTLS_ERR_SSL_WANT_READ must be returned when the operation would block.| typedef int mbedtls_ssl_recv_timeout_t(void *ctx, unsigned char *buf, size_t len, uint32_t timeout) |
Callback type: receive data from the network, with timeout.
| ctx | Context for the receive callback (typically a file descriptor) |
| buf | Buffer to write the received data to |
| len | Length of the receive buffer |
| timeout | Maximum nomber of millisecondes to wait for data 0 means no timeout (potentially waiting forever) |
MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.| typedef void mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms) |
Callback type: set a pair of timers/delays to watch.
| ctx | Context pointer |
| int_ms | Intermediate delay in milliseconds |
| fin_ms | Final delay in milliseconds 0 cancels the current timer. |
mbedtls_ssl_get_timer_t callback to return correct information.mbedtls_ssl_handshake() with the proper SSL context to be scheduled. Care must be taken to ensure that at most one such call happens at a time.| typedef int mbedtls_ssl_get_timer_t(void *ctx) |
| typedef int mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime) |
Callback type: generate and write session ticket.
| p_ticket | Context for the callback |
| session | SSL session to be written in the ticket |
| start | Start of the output buffer |
| end | End of the output buffer |
| tlen | On exit, holds the length written |
| lifetime | On exit, holds the lifetime of the ticket in seconds |
| typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len) |
Callback type: parse and load session ticket.
| p_ticket | Context for the callback |
| session | SSL session to be loaded |
| buf | Start of the buffer containing the ticket |
| len | Length of the ticket. |
| typedef int mbedtls_ssl_cookie_write_t(void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen) |
Callback type: generate a cookie.
| ctx | Context for the callback |
| p | Buffer to write to, must be updated to point right after the cookie |
| end | Pointer to one past the end of the output buffer |
| info | Client ID info that was passed to mbedtls_ssl_set_client_transport_id() |
| ilen | Length of info in bytes |
| typedef int mbedtls_ssl_cookie_check_t(void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen) |
Callback type: verify a cookie.
| ctx | Context for the callback |
| cookie | Cookie to verify |
| clen | Length of cookie |
| info | Client ID info that was passed to mbedtls_ssl_set_client_transport_id() |
| ilen | Length of info in bytes |
| typedef struct mbedtls_ssl_ticket_key mbedtls_ssl_ticket_key |
Information for session ticket protection.
| typedef struct mbedtls_ssl_ticket_context mbedtls_ssl_ticket_context |
Context for session ticket handling functions.
| const char * mbedtls_ssl_get_ciphersuite_name | ( | const int | ciphersuite_id | ) |
Return the name of the ciphersuite associated with the given ID.
| ciphersuite_id | SSL ciphersuite ID |
| int mbedtls_ssl_get_ciphersuite_id | ( | const char * | ciphersuite_name | ) |
Return the ID of the ciphersuite associated with the given name.
| ciphersuite_name | SSL ciphersuite name |
| void mbedtls_ssl_init | ( | mbedtls_ssl_context * | ssl | ) |
Initialize an SSL context Just makes the context ready for mbedtls_ssl_setup() or mbedtls_ssl_free()
| ssl | SSL context |
| int mbedtls_ssl_setup | ( | mbedtls_ssl_context * | ssl, |
| const mbedtls_ssl_config * | conf | ||
| ) |
Set up an SSL context for use.
| ssl | SSL context |
| conf | SSL configuration to use |
| int mbedtls_ssl_session_reset | ( | mbedtls_ssl_context * | ssl | ) |
Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.
| ssl | SSL context |
| void mbedtls_ssl_conf_endpoint | ( | mbedtls_ssl_config * | conf, |
| int | endpoint | ||
| ) |
Set the current endpoint type.
| conf | SSL configuration |
| endpoint | must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER |
| void mbedtls_ssl_conf_transport | ( | mbedtls_ssl_config * | conf, |
| int | transport | ||
| ) |
Set the transport type (TLS or DTLS).
Default: TLS
mbedtls_ssl_set_bio(). You also need to provide timer callbacks with mbedtls_ssl_set_timer_cb().| conf | SSL configuration |
| transport | transport type: MBEDTLS_SSL_TRANSPORT_STREAM for TLS, MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. |
| void mbedtls_ssl_conf_authmode | ( | mbedtls_ssl_config * | conf, |
| int | authmode | ||
| ) |
Set the certificate verification mode Default: NONE on server, REQUIRED on client.
| conf | SSL configuration |
| authmode | can be: |
MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked (default on server) (insecure on client)
MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed; mbedtls_ssl_get_verify_result() can be called after the handshake is complete.
MBEDTLS_SSL_VERIFY_REQUIRED: peer must present a valid certificate, handshake is aborted if verification failed. (default on client)
| void mbedtls_ssl_conf_rng | ( | mbedtls_ssl_config * | conf, |
| int(*)(void *, unsigned char *, size_t) | f_rng, | ||
| void * | p_rng | ||
| ) |
Set the random number generator callback.
| conf | SSL configuration |
| f_rng | RNG function |
| p_rng | RNG parameter |
| void mbedtls_ssl_conf_dbg | ( | mbedtls_ssl_config * | conf, |
| void(*)(void *, int, const char *, int, const char *) | f_dbg, | ||
| void * | p_dbg | ||
| ) |
Set the debug callback.
The callback has the following argument:
void * opaque context for the callback
int debug level
const char * file name
int line number
const char * message
| conf | SSL configuration |
| f_dbg | debug function |
| p_dbg | debug parameter |
| void mbedtls_ssl_set_bio | ( | mbedtls_ssl_context * | ssl, |
| void * | p_bio, | ||
| mbedtls_ssl_send_t * | f_send, | ||
| mbedtls_ssl_recv_t * | f_recv, | ||
| mbedtls_ssl_recv_timeout_t * | f_recv_timeout | ||
| ) |
Set the underlying BIO callbacks for write, read and read-with-timeout.
| ssl | SSL context |
| p_bio | parameter (context) shared by BIO callbacks |
| f_send | write callback |
| f_recv | read callback |
| f_recv_timeout | blocking read callback with timeout. |
mbedtls_ssl_send_t, mbedtls_ssl_recv_t and mbedtls_ssl_recv_timeout_t for the conventions those callbacks must follow.mbedtls_net_send(), mbedtls_net_recv() and mbedtls_net_recv_timeout() that are suitable to be used here. | void mbedtls_ssl_conf_read_timeout | ( | mbedtls_ssl_config * | conf, |
| uint32_t | timeout | ||
| ) |
Set the timeout period for mbedtls_ssl_read() (Default: no timeout.)
| conf | SSL configuration context |
| timeout | Timeout value in milliseconds. Use 0 for no timeout (default). |
f_recv_timeout was set with mbedtls_ssl_set_bio(). With non-blocking I/O, this will only work if timer callbacks were set with mbedtls_ssl_set_timer_cb().| void mbedtls_ssl_set_timer_cb | ( | mbedtls_ssl_context * | ssl, |
| void * | p_timer, | ||
| mbedtls_ssl_set_timer_t * | f_set_timer, | ||
| mbedtls_ssl_get_timer_t * | f_get_timer | ||
| ) |
Set the timer callbacks (Mandatory for DTLS.)
| ssl | SSL context |
| p_timer | parameter (context) shared by timer callbacks |
| f_set_timer | set timer callback |
| f_get_timer | get timer callback. Must return: |
mbedtls_ssl_set_timer_t and mbedtls_ssl_get_timer_t for the conventions this pair of callbacks must follow.mbedtls_timing_set_delay() and mbedtls_timing_get_delay() that are suitable for using here, except if using an event-driven style.| int mbedtls_ssl_session_load | ( | mbedtls_ssl_session * | session, |
| const unsigned char * | buf, | ||
| size_t | len | ||
| ) |
Load serialized session data into a session structure.
On client, this can be used for loading saved sessions before resuming them with mbedstls_ssl_set_session(). On server, this can be used for alternative implementations of session cache or session tickets.
| session | The session structure to be populated. It must have been initialised with mbedtls_ssl_session_init() but not populated yet. |
| buf | The buffer holding the serialized session data. It must be a readable buffer of at least len bytes. |
| len | The size of the serialized data in bytes. |
0 if successful. | int mbedtls_ssl_session_save | ( | const mbedtls_ssl_session * | session, |
| unsigned char * | buf, | ||
| size_t | buf_len, | ||
| size_t * | olen | ||
| ) |
Save session structure as serialized data in a buffer.
On client, this can be used for saving session data, potentially in non-volatile storage, for resuming later. On server, this can be used for alternative implementations of session cache or session tickets.
| session | The session structure to be saved. |
| buf | The buffer to write the serialized data to. It must be a writeable buffer of at least len bytes, or may be NULL if len is 0. |
| buf_len | The number of bytes available for writing in buf. |
| olen | The size in bytes of the data that has been or would have been written. It must point to a valid size_t. |
olen is updated to the correct value regardless of whether buf_len was large enough. This makes it possible to determine the necessary size by calling this function with buf set to NULL and buf_len to 0.0 if successful. buf is too small. | const mbedtls_ssl_session * mbedtls_ssl_get_session_pointer | ( | const mbedtls_ssl_context * | ssl | ) |
Get a pointer to the current session structure, for example to serialize it.
ssl context.| ssl | The SSL context. |
NULL if no session is active. | void mbedtls_ssl_conf_ciphersuites | ( | mbedtls_ssl_config * | conf, |
| const int * | ciphersuites | ||
| ) |
Set the list of allowed ciphersuites and the preference order.
First in the list has the highest preference. (Overrides all version-specific lists)
The ciphersuites array is not copied, and must remain valid for the lifetime of the ssl_config.
Note: The server uses its own preferences over the preference of the client unless MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
| conf | SSL configuration |
| ciphersuites | 0-terminated list of allowed ciphersuites |
| void mbedtls_ssl_conf_ciphersuites_for_version | ( | mbedtls_ssl_config * | conf, |
| const int * | ciphersuites, | ||
| int | major, | ||
| int | minor | ||
| ) |
Set the list of allowed ciphersuites and the preference order for a specific version of the protocol.
(Only useful on the server side)
The ciphersuites array is not copied, and must remain valid for the lifetime of the ssl_config.
| conf | SSL configuration |
| ciphersuites | 0-terminated list of allowed ciphersuites |
| major | Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) |
| minor | Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_MINOR_VERSION_3 supported) |
| void mbedtls_ssl_conf_max_version | ( | mbedtls_ssl_config * | conf, |
| int | major, | ||
| int | minor | ||
| ) |
Set the maximum supported version sent from the client side and/or accepted at the server side (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)
| conf | SSL configuration |
| major | Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) |
| minor | Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_MINOR_VERSION_3 supported) |
| void mbedtls_ssl_conf_min_version | ( | mbedtls_ssl_config * | conf, |
| int | major, | ||
| int | minor | ||
| ) |
Set the minimum accepted SSL/TLS protocol version (Default: TLS 1.0)
| conf | SSL configuration |
| major | Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) |
| minor | Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_MINOR_VERSION_3 supported) |
| void mbedtls_ssl_conf_legacy_renegotiation | ( | mbedtls_ssl_config * | conf, |
| int | allow_legacy | ||
| ) |
Prevent or allow legacy renegotiation.
(Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to be established even if the peer does not support secure renegotiation, but does not allow renegotiation to take place if not secure. (Interoperable and secure option)
MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations with non-upgraded peers. Allowing legacy renegotiation makes the connection vulnerable to specific man in the middle attacks. (See RFC 5746) (Most interoperable and least secure option)
MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections if peer does not support secure renegotiation. Results in interoperability issues with non-upgraded peers that do not support renegotiation altogether. (Most secure option, interoperability issues)
| conf | SSL configuration |
| allow_legacy | Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, SSL_ALLOW_LEGACY_RENEGOTIATION or MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) |
| int mbedtls_ssl_check_pending | ( | const mbedtls_ssl_context * | ssl | ) |
Check if there is data already read from the underlying transport but not yet processed.
| ssl | SSL context |
mbedtls_ssl_get_bytes_avail in that it considers any kind of unprocessed data, not only unread application data. If mbedtls_ssl_get_bytes returns a non-zero value, this function will also signal pending data, but the converse does not hold. For example, in DTLS there might be further records waiting to be processed from the current underlying transport's datagram.mbedtls_ssl_read will provide any data; e.g., the unprocessed data might turn out to be an alert or a handshake message.| size_t mbedtls_ssl_get_bytes_avail | ( | const mbedtls_ssl_context * | ssl | ) |
Return the number of application data bytes remaining to be read from the current record.
| ssl | SSL context |
mbedtls_ssl_read has written the maximal amount of data fitting into the input buffer. | uint32_t mbedtls_ssl_get_verify_result | ( | const mbedtls_ssl_context * | ssl | ) |
Return the result of the certificate verification.
| ssl | The SSL context to use. |
0 if the certificate verification was successful. -1u if the result is not available. This may happen e.g. if the handshake aborts early, or a verification callback returned a fatal error. MBEDTLS_X509_BADCERT_XXX and MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h. | const char * mbedtls_ssl_get_ciphersuite | ( | const mbedtls_ssl_context * | ssl | ) |
Return the name of the current ciphersuite.
| ssl | SSL context |
| const char * mbedtls_ssl_get_version | ( | const mbedtls_ssl_context * | ssl | ) |
Return the current SSL version (SSLv3/TLSv1/etc)
| ssl | SSL context |
| int mbedtls_ssl_get_record_expansion | ( | const mbedtls_ssl_context * | ssl | ) |
Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc.
padding)
| ssl | SSL context |
| int mbedtls_ssl_get_max_out_record_payload | ( | const mbedtls_ssl_context * | ssl | ) |
Return the current maximum outgoing record payload in bytes.
This takes into account the config.h setting MBEDTLS_SSL_OUT_CONTENT_LEN, the configured and negotiated max fragment length extension if used, and for DTLS the path MTU as configured and current record expansion.
mbedtls_ssl_write() will return an error if called with a larger length value. With TLS, mbedtls_ssl_write() will fragment the input if necessary and return the number of bytes written; it is up to the caller to call mbedtls_ssl_write() again in order to send the remaining bytes if any.| ssl | SSL context |
| int mbedtls_ssl_handshake | ( | mbedtls_ssl_context * | ssl | ) |
Perform the SSL handshake.
| ssl | SSL context |
0 if successful. 0, MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed.| int mbedtls_ssl_handshake_step | ( | mbedtls_ssl_context * | ssl | ) |
Perform a single step of the SSL handshake.
0. Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.| ssl | SSL context |
0, MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed. | int mbedtls_ssl_read | ( | mbedtls_ssl_context * | ssl, |
| unsigned char * | buf, | ||
| size_t | len | ||
| ) |
Read at most 'len' application data bytes.
| ssl | SSL context |
| buf | buffer that will hold the data |
| len | maximum number of bytes to read |
0 if the read end of the underlying transport was closed without sending a CloseNotify beforehand, which might happen because of various reasons (internal error of an underlying stack, non-conformant peer not sending a CloseNotify and such) - in this case you must stop using the context (see below). mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed.mbedtls_ssl_handshake() with the same context (as it has been reset internally). Either way, you must make sure this is seen by the application as a new connection: application state, if any, should be reset, and most importantly the identity of the client must be checked again. WARNING: not validating the identity of the client again, or not transmitting the new identity to the application layer, would allow authentication bypass!mbedtls_ssl_check_pending to check for remaining records. | int mbedtls_ssl_write | ( | mbedtls_ssl_context * | ssl, |
| const unsigned char * | buf, | ||
| size_t | len | ||
| ) |
Try to write exactly 'len' application data bytes.
| ssl | SSL context |
| buf | buffer holding the data |
| len | how many bytes must be written |
len). mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed.mbedtls_ssl_get_output_max_frag_len() may be used to query the active maximum fragment length.| int mbedtls_ssl_send_alert_message | ( | mbedtls_ssl_context * | ssl, |
| unsigned char | level, | ||
| unsigned char | message | ||
| ) |
Send an alert message.
| ssl | SSL context |
| level | The alert level of the message (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL) |
| message | The alert message (SSL_ALERT_MSG_*) |
mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed. | int mbedtls_ssl_close_notify | ( | mbedtls_ssl_context * | ssl | ) |
Notify the peer that the connection is being closed.
| ssl | SSL context |
mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed. | void mbedtls_ssl_free | ( | mbedtls_ssl_context * | ssl | ) |
Free referenced items in an SSL context and clear memory.
| ssl | SSL context |
| void mbedtls_ssl_config_init | ( | mbedtls_ssl_config * | conf | ) |
Initialize an SSL configuration context Just makes the context ready for mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
| conf | SSL configuration context |
| int mbedtls_ssl_config_defaults | ( | mbedtls_ssl_config * | conf, |
| int | endpoint, | ||
| int | transport, | ||
| int | preset | ||
| ) |
Load reasonnable default SSL configuration values.
(You need to call mbedtls_ssl_config_init() first.)
| conf | SSL configuration context |
| endpoint | MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER |
| transport | MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS |
| preset | a MBEDTLS_SSL_PRESET_XXX value |
mbedtls_ssl_conf_transport() for notes on DTLS.| void mbedtls_ssl_config_free | ( | mbedtls_ssl_config * | conf | ) |
Free an SSL configuration context.
| conf | SSL configuration context |
| void mbedtls_ssl_session_init | ( | mbedtls_ssl_session * | session | ) |
Initialize SSL session structure.
| session | SSL session |
| void mbedtls_ssl_session_free | ( | mbedtls_ssl_session * | session | ) |
Free referenced items in an SSL session including the peer certificate and clear memory.
| session | SSL session |
| int mbedtls_ssl_tls_prf | ( | const mbedtls_tls_prf_types | prf, |
| const unsigned char * | secret, | ||
| size_t | slen, | ||
| const char * | label, | ||
| const unsigned char * | random, | ||
| size_t | rlen, | ||
| unsigned char * | dstbuf, | ||
| size_t | dlen | ||
| ) |
TLS-PRF function for key derivation.
| prf | The tls_prf type funtion type to be used. |
| secret | Secret for the key derivation function. |
| slen | Length of the secret. |
| label | String label for the key derivation function, terminated with null character. |
| random | Random bytes. |
| rlen | Length of the random bytes buffer. |
| dstbuf | The buffer holding the derived key. |
| dlen | Length of the output buffer. |
| void mbedtls_ssl_ticket_init | ( | mbedtls_ssl_ticket_context * | ctx | ) |
Initialize a ticket context.
(Just make it ready for mbedtls_ssl_ticket_setup() or mbedtls_ssl_ticket_free().)
| ctx | Context to be initialized |
| int mbedtls_ssl_ticket_setup | ( | mbedtls_ssl_ticket_context * | ctx, |
| int(*)(void *, unsigned char *, size_t) | f_rng, | ||
| void * | p_rng, | ||
| mbedtls_cipher_type_t | cipher, | ||
| uint32_t | lifetime | ||
| ) |
Prepare context to be actually used.
| ctx | Context to be set up |
| f_rng | RNG callback function |
| p_rng | RNG callback context |
| cipher | AEAD cipher to use for ticket protection. Recommended value: MBEDTLS_CIPHER_AES_256_GCM. |
| lifetime | Tickets lifetime in seconds Recommended value: 86400 (one day). |
| void mbedtls_ssl_ticket_free | ( | mbedtls_ssl_ticket_context * | ctx | ) |
Free a context's content and zeroize it.
| ctx | Context to be cleaned up |
| mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write |
Implementation of the ticket write callback.
mbedtls_ssl_ticket_write_t for description Definition at line 125 of file ssl_ticket.h.
| mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse |
Implementation of the ticket parse callback.
mbedtls_ssl_ticket_parse_t for description Definition at line 132 of file ssl_ticket.h.
1.9.5