Mbed TLS v3.6.2
Loading...
Searching...
No Matches
ssl.h File Reference

SSL/TLS functions. More...

#include "mbedtls/platform_util.h"
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#include "mbedtls/bignum.h"
#include "mbedtls/ecp.h"
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_crl.h"
#include "mbedtls/dhm.h"
#include "mbedtls/md.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/platform_time.h"
#include "psa/crypto.h"
Include dependency graph for ssl.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

union  mbedtls_ssl_premaster_secret
 
struct  mbedtls_ssl_tls13_application_secrets
 
struct  mbedtls_ssl_session
 
union  mbedtls_ssl_user_data_t
 
struct  mbedtls_ssl_config
 
struct  mbedtls_ssl_context
 

Macros

#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS   -0x7000
 
#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE   -0x7080
 
#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA   -0x7100
 
#define MBEDTLS_ERR_SSL_INVALID_MAC   -0x7180
 
#define MBEDTLS_ERR_SSL_INVALID_RECORD   -0x7200
 
#define MBEDTLS_ERR_SSL_CONN_EOF   -0x7280
 
#define MBEDTLS_ERR_SSL_DECODE_ERROR   -0x7300
 
#define MBEDTLS_ERR_SSL_NO_RNG   -0x7400
 
#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE   -0x7480
 
#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION   -0x7500
 
#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL   -0x7580
 
#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED   -0x7600
 
#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED   -0x7680
 
#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE   -0x7700
 
#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE   -0x7780
 
#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME   -0x7800
 
#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY   -0x7880
 
#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE   -0x7A00
 
#define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET   -0x7B00
 
#define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA   -0x7B80
 
#define MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA   -0x7C00
 
#define MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA   -0x7C80
 
#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND   -0x7E80
 
#define MBEDTLS_ERR_SSL_ALLOC_FAILED   -0x7F00
 
#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED   -0x7F80
 
#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH   -0x6F80
 
#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION   -0x6E80
 
#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE   -0x6E00
 
#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED   -0x6D80
 
#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH   -0x6D00
 
#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY   -0x6C80
 
#define MBEDTLS_ERR_SSL_INTERNAL_ERROR   -0x6C00
 
#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING   -0x6B80
 
#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO   -0x6B00
 
#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED   -0x6A80
 
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL   -0x6A00
 
#define MBEDTLS_ERR_SSL_WANT_READ   -0x6900
 
#define MBEDTLS_ERR_SSL_WANT_WRITE   -0x6880
 
#define MBEDTLS_ERR_SSL_TIMEOUT   -0x6800
 
#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT   -0x6780
 
#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD   -0x6700
 
#define MBEDTLS_ERR_SSL_NON_FATAL   -0x6680
 
#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER   -0x6600
 
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING   -0x6580
 
#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS   -0x6500
 
#define MBEDTLS_ERR_SSL_EARLY_MESSAGE   -0x6480
 
#define MBEDTLS_ERR_SSL_UNEXPECTED_CID   -0x6000
 
#define MBEDTLS_ERR_SSL_VERSION_MISMATCH   -0x5F00
 
#define MBEDTLS_ERR_SSL_BAD_CONFIG   -0x5E80
 
#define MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE   0 /* Pure PSK-based exchange */
 
#define MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE   1 /* PSK+ECDHE-based exchange */
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE   0
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1   0x0012
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1   0x0013
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1   0x0014
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1   0x0015
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1   0x0016
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1   0x0017
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1   0x0018
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1   0x0019
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1   0x001A
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1   0x001B
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1   0x001C
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519   0x001D
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_X448   0x001E
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048   0x0100
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072   0x0101
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096   0x0102
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144   0x0103
 
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192   0x0104
 
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK   (1u << 0)
 
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL   (1u << 1)
 
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL   (1u << 2)
 
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
 
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL
 
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL
 
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE   (0)
 
#define MBEDTLS_SSL_MAJOR_VERSION_3   3
 
#define MBEDTLS_SSL_MINOR_VERSION_3   3
 
#define MBEDTLS_SSL_MINOR_VERSION_4   4
 
#define MBEDTLS_SSL_TRANSPORT_STREAM   0
 
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM   1
 
#define MBEDTLS_SSL_MAX_HOST_NAME_LEN   255
 
#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN   255
 
#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN   65535
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE   0
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_512   1
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_1024   2
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_2048   3
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_4096   4
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID   5
 
#define MBEDTLS_SSL_IS_CLIENT   0
 
#define MBEDTLS_SSL_IS_SERVER   1
 
#define MBEDTLS_SSL_EXTENDED_MS_DISABLED   0
 
#define MBEDTLS_SSL_EXTENDED_MS_ENABLED   1
 
#define MBEDTLS_SSL_CID_DISABLED   0
 
#define MBEDTLS_SSL_CID_ENABLED   1
 
#define MBEDTLS_SSL_ETM_DISABLED   0
 
#define MBEDTLS_SSL_ETM_ENABLED   1
 
#define MBEDTLS_SSL_COMPRESS_NULL   0
 
#define MBEDTLS_SSL_VERIFY_NONE   0
 
#define MBEDTLS_SSL_VERIFY_OPTIONAL   1
 
#define MBEDTLS_SSL_VERIFY_REQUIRED   2
 
#define MBEDTLS_SSL_VERIFY_UNSET   3 /* Used only for sni_authmode */
 
#define MBEDTLS_SSL_LEGACY_RENEGOTIATION   0
 
#define MBEDTLS_SSL_SECURE_RENEGOTIATION   1
 
#define MBEDTLS_SSL_RENEGOTIATION_DISABLED   0
 
#define MBEDTLS_SSL_RENEGOTIATION_ENABLED   1
 
#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED   0
 
#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED   1
 
#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED   -1
 
#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT   16
 
#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION   0
 
#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION   1
 
#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE   2
 
#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED   0
 
#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED   1
 
#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN   10 /* 80 bits, rfc 6066 section 7 */
 
#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED   0
 
#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED   1
 
#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED   0
 
#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED   1
 
#define MBEDTLS_SSL_PRESET_DEFAULT   0
 
#define MBEDTLS_SSL_PRESET_SUITEB   2
 
#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED   1
 
#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED   0
 
#define MBEDTLS_SSL_EARLY_DATA_DISABLED   0
 
#define MBEDTLS_SSL_EARLY_DATA_ENABLED   1
 
#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED   0
 
#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED   1
 
#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT   1
 
#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER   0
 
#define MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN   48
 
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN   1000
 
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX   60000
 
#define MBEDTLS_SSL_EARLY_DATA_NO_DISCARD   0
 
#define MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD   1
 
#define MBEDTLS_SSL_EARLY_DATA_DISCARD   2
 
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN   12
 
#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO   0xFF
 
#define MBEDTLS_SSL_HASH_NONE   0
 
#define MBEDTLS_SSL_HASH_MD5   1
 
#define MBEDTLS_SSL_HASH_SHA1   2
 
#define MBEDTLS_SSL_HASH_SHA224   3
 
#define MBEDTLS_SSL_HASH_SHA256   4
 
#define MBEDTLS_SSL_HASH_SHA384   5
 
#define MBEDTLS_SSL_HASH_SHA512   6
 
#define MBEDTLS_SSL_SIG_ANON   0
 
#define MBEDTLS_SSL_SIG_RSA   1
 
#define MBEDTLS_SSL_SIG_ECDSA   3
 
#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256   0x0401
 
#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384   0x0501
 
#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512   0x0601
 
#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256   0x0403
 
#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384   0x0503
 
#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512   0x0603
 
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256   0x0804
 
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384   0x0805
 
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512   0x0806
 
#define MBEDTLS_TLS1_3_SIG_ED25519   0x0807
 
#define MBEDTLS_TLS1_3_SIG_ED448   0x0808
 
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256   0x0809
 
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384   0x080A
 
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512   0x080B
 
#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1   0x0201
 
#define MBEDTLS_TLS1_3_SIG_ECDSA_SHA1   0x0203
 
#define MBEDTLS_TLS1_3_SIG_NONE   0x0
 
#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN   1
 
#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN   64
 
#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC   20
 
#define MBEDTLS_SSL_MSG_ALERT   21
 
#define MBEDTLS_SSL_MSG_HANDSHAKE   22
 
#define MBEDTLS_SSL_MSG_APPLICATION_DATA   23
 
#define MBEDTLS_SSL_MSG_CID   25
 
#define MBEDTLS_SSL_ALERT_LEVEL_WARNING   1
 
#define MBEDTLS_SSL_ALERT_LEVEL_FATAL   2
 
#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY   0 /* 0x00 */
 
#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE   10 /* 0x0A */
 
#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC   20 /* 0x14 */
 
#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED   21 /* 0x15 */
 
#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW   22 /* 0x16 */
 
#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE   30 /* 0x1E */
 
#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE   40 /* 0x28 */
 
#define MBEDTLS_SSL_ALERT_MSG_NO_CERT   41 /* 0x29 */
 
#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT   42 /* 0x2A */
 
#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT   43 /* 0x2B */
 
#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED   44 /* 0x2C */
 
#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED   45 /* 0x2D */
 
#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN   46 /* 0x2E */
 
#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER   47 /* 0x2F */
 
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA   48 /* 0x30 */
 
#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED   49 /* 0x31 */
 
#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR   50 /* 0x32 */
 
#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR   51 /* 0x33 */
 
#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION   60 /* 0x3C */
 
#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION   70 /* 0x46 */
 
#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY   71 /* 0x47 */
 
#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR   80 /* 0x50 */
 
#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK   86 /* 0x56 */
 
#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED   90 /* 0x5A */
 
#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION   100 /* 0x64 */
 
#define MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION   109 /* 0x6d -- new in TLS 1.3 */
 
#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT   110 /* 0x6E */
 
#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME   112 /* 0x70 */
 
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY   115 /* 0x73 */
 
#define MBEDTLS_SSL_ALERT_MSG_CERT_REQUIRED   116 /* 0x74 */
 
#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL   120 /* 0x78 */
 
#define MBEDTLS_SSL_HS_HELLO_REQUEST   0
 
#define MBEDTLS_SSL_HS_CLIENT_HELLO   1
 
#define MBEDTLS_SSL_HS_SERVER_HELLO   2
 
#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST   3
 
#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET   4
 
#define MBEDTLS_SSL_HS_END_OF_EARLY_DATA   5
 
#define MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS   8
 
#define MBEDTLS_SSL_HS_CERTIFICATE   11
 
#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE   12
 
#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST   13
 
#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE   14
 
#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY   15
 
#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE   16
 
#define MBEDTLS_SSL_HS_FINISHED   20
 
#define MBEDTLS_SSL_HS_MESSAGE_HASH   254
 
#define MBEDTLS_TLS_EXT_SERVERNAME   0
 
#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME   0
 
#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH   1
 
#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC   4
 
#define MBEDTLS_TLS_EXT_STATUS_REQUEST   5 /* RFC 6066 TLS 1.2 and 1.3 */
 
#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES   10
 
#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS   10 /* RFC 8422,7919 TLS 1.2 and 1.3 */
 
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS   11
 
#define MBEDTLS_TLS_EXT_SIG_ALG   13 /* RFC 8446 TLS 1.3 */
 
#define MBEDTLS_TLS_EXT_USE_SRTP   14
 
#define MBEDTLS_TLS_EXT_HEARTBEAT   15 /* RFC 6520 TLS 1.2 and 1.3 */
 
#define MBEDTLS_TLS_EXT_ALPN   16
 
#define MBEDTLS_TLS_EXT_SCT   18 /* RFC 6962 TLS 1.2 and 1.3 */
 
#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE   19 /* RFC 7250 TLS 1.2 and 1.3 */
 
#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE   20 /* RFC 7250 TLS 1.2 and 1.3 */
 
#define MBEDTLS_TLS_EXT_PADDING   21 /* RFC 7685 TLS 1.2 and 1.3 */
 
#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC   22 /* 0x16 */
 
#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET   0x0017 /* 23 */
 
#define MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT   28 /* RFC 8449 (implemented for TLS 1.3 only) */
 
#define MBEDTLS_TLS_EXT_SESSION_TICKET   35
 
#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY   41 /* RFC 8446 TLS 1.3 */
 
#define MBEDTLS_TLS_EXT_EARLY_DATA   42 /* RFC 8446 TLS 1.3 */
 
#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS   43 /* RFC 8446 TLS 1.3 */
 
#define MBEDTLS_TLS_EXT_COOKIE   44 /* RFC 8446 TLS 1.3 */
 
#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES   45 /* RFC 8446 TLS 1.3 */
 
#define MBEDTLS_TLS_EXT_CERT_AUTH   47 /* RFC 8446 TLS 1.3 */
 
#define MBEDTLS_TLS_EXT_OID_FILTERS   48 /* RFC 8446 TLS 1.3 */
 
#define MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH   49 /* RFC 8446 TLS 1.3 */
 
#define MBEDTLS_TLS_EXT_SIG_ALG_CERT   50 /* RFC 8446 TLS 1.3 */
 
#define MBEDTLS_TLS_EXT_KEY_SHARE   51 /* RFC 8446 TLS 1.3 */
 
#define MBEDTLS_TLS_EXT_CID   54 /* RFC 9146 DTLS 1.2 CID */
 
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP   256 /* experimental */
 
#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO   0xFF01
 
#define MBEDTLS_PSK_MAX_LEN   48 /* 384 bits */
 
#define MBEDTLS_PREMASTER_SIZE   sizeof(union mbedtls_ssl_premaster_secret)
 
#define MBEDTLS_TLS1_3_MD_MAX_SIZE   PSA_HASH_MAX_SIZE
 
#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN   8
 
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK /* 1U << 0 */
 
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL /* 1U << 2 */
 
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA   (1U << 3)
 
#define MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK
 
#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE   0
 
#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL   1
 
SECTION: Module settings

The configuration options you can set for this module are in this section. Either change them in mbedtls_config.h or define them on the compiler command line.

#define MBEDTLS_SSL_IN_CONTENT_LEN   16384
 
#define MBEDTLS_SSL_OUT_CONTENT_LEN   16384
 
#define MBEDTLS_SSL_DTLS_MAX_BUFFERING   32768
 
#define MBEDTLS_SSL_CID_IN_LEN_MAX   32
 
#define MBEDTLS_SSL_CID_OUT_LEN_MAX   32
 
#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY   16
 
#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE   1024
 
#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE   6000
 
#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH   32
 
#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS   1
 

Typedefs

typedef int mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len)
 Callback type: send data on the network.
 
typedef int mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len)
 Callback type: receive data from the network.
 
typedef int mbedtls_ssl_recv_timeout_t(void *ctx, unsigned char *buf, size_t len, uint32_t timeout)
 Callback type: receive data from the network, with timeout.
 
typedef void mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms)
 Callback type: set a pair of timers/delays to watch.
 
typedef int mbedtls_ssl_get_timer_t(void *ctx)
 Callback type: get status of timers/delays.
 
typedef struct mbedtls_ssl_session mbedtls_ssl_session
 
typedef struct mbedtls_ssl_context mbedtls_ssl_context
 
typedef struct mbedtls_ssl_config mbedtls_ssl_config
 
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform
 
typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params
 
typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t
 
typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert
 
typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item
 
typedef int mbedtls_ssl_cache_get_t(void *data, unsigned char const *session_id, size_t session_id_len, mbedtls_ssl_session *session)
 Callback type: server-side session cache getter.
 
typedef int mbedtls_ssl_cache_set_t(void *data, unsigned char const *session_id, size_t session_id_len, const mbedtls_ssl_session *session)
 Callback type: server-side session cache setter.
 
typedef void mbedtls_ssl_export_keys_t(void *p_expkey, mbedtls_ssl_key_export_type type, const unsigned char *secret, size_t secret_len, const unsigned char client_random[32], const unsigned char server_random[32], mbedtls_tls_prf_types tls_prf_type)
 Callback type: Export key alongside random values for session identification, and PRF for implementation of TLS key exporters.
 
typedef int(* mbedtls_ssl_hs_cb_t) (mbedtls_ssl_context *ssl)
 Callback type: generic handshake callback.
 
typedef int mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
 Callback type: generate and write session ticket.
 
typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)
 Callback type: parse and load session ticket.
 
typedef int mbedtls_ssl_cookie_write_t(void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen)
 Callback type: generate a cookie.
 
typedef int mbedtls_ssl_cookie_check_t(void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen)
 Callback type: verify a cookie.
 

Enumerations

enum  mbedtls_ssl_states {
  MBEDTLS_SSL_HELLO_REQUEST , MBEDTLS_SSL_CLIENT_HELLO , MBEDTLS_SSL_SERVER_HELLO , MBEDTLS_SSL_SERVER_CERTIFICATE ,
  MBEDTLS_SSL_SERVER_KEY_EXCHANGE , MBEDTLS_SSL_CERTIFICATE_REQUEST , MBEDTLS_SSL_SERVER_HELLO_DONE , MBEDTLS_SSL_CLIENT_CERTIFICATE ,
  MBEDTLS_SSL_CLIENT_KEY_EXCHANGE , MBEDTLS_SSL_CERTIFICATE_VERIFY , MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC , MBEDTLS_SSL_CLIENT_FINISHED ,
  MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC , MBEDTLS_SSL_SERVER_FINISHED , MBEDTLS_SSL_FLUSH_BUFFERS , MBEDTLS_SSL_HANDSHAKE_WRAPUP ,
  MBEDTLS_SSL_NEW_SESSION_TICKET , MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT , MBEDTLS_SSL_HELLO_RETRY_REQUEST , MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ,
  MBEDTLS_SSL_END_OF_EARLY_DATA , MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY , MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED , MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO ,
  MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO , MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO , MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST , MBEDTLS_SSL_HANDSHAKE_OVER ,
  MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET , MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH
}
 
enum  mbedtls_ssl_protocol_version { MBEDTLS_SSL_VERSION_UNKNOWN , MBEDTLS_SSL_VERSION_TLS1_2 = 0x0303 , MBEDTLS_SSL_VERSION_TLS1_3 = 0x0304 }
 
enum  mbedtls_tls_prf_types {
  MBEDTLS_SSL_TLS_PRF_NONE , MBEDTLS_SSL_TLS_PRF_SHA384 , MBEDTLS_SSL_TLS_PRF_SHA256 , MBEDTLS_SSL_HKDF_EXPAND_SHA384 ,
  MBEDTLS_SSL_HKDF_EXPAND_SHA256
}
 
enum  mbedtls_ssl_key_export_type {
  MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0 , MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET , MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET , MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET ,
  MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET , MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET , MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET
}
 

Functions

const char * mbedtls_ssl_get_ciphersuite_name (const int ciphersuite_id)
 Return the name of the ciphersuite associated with the given ID.
 
int mbedtls_ssl_get_ciphersuite_id (const char *ciphersuite_name)
 Return the ID of the ciphersuite associated with the given name.
 
void mbedtls_ssl_init (mbedtls_ssl_context *ssl)
 Initialize an SSL context Just makes the context ready for mbedtls_ssl_setup() or mbedtls_ssl_free()
 
int mbedtls_ssl_setup (mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf)
 Set up an SSL context for use.
 
int mbedtls_ssl_session_reset (mbedtls_ssl_context *ssl)
 Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.
 
void mbedtls_ssl_conf_endpoint (mbedtls_ssl_config *conf, int endpoint)
 Set the current endpoint type.
 
static int mbedtls_ssl_conf_get_endpoint (const mbedtls_ssl_config *conf)
 Get the current endpoint type.
 
void mbedtls_ssl_conf_transport (mbedtls_ssl_config *conf, int transport)
 Set the transport type (TLS or DTLS). Default: TLS.
 
void mbedtls_ssl_conf_authmode (mbedtls_ssl_config *conf, int authmode)
 Set the certificate verification mode Default: NONE on server, REQUIRED on client.
 
void mbedtls_ssl_conf_verify (mbedtls_ssl_config *conf, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
 Set the verification callback (Optional).
 
void mbedtls_ssl_conf_rng (mbedtls_ssl_config *conf, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Set the random number generator callback.
 
void mbedtls_ssl_conf_dbg (mbedtls_ssl_config *conf, void(*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg)
 Set the debug callback.
 
static const mbedtls_ssl_configmbedtls_ssl_context_get_config (const mbedtls_ssl_context *ssl)
 Return the SSL configuration structure associated with the given SSL context.
 
void mbedtls_ssl_set_bio (mbedtls_ssl_context *ssl, void *p_bio, mbedtls_ssl_send_t *f_send, mbedtls_ssl_recv_t *f_recv, mbedtls_ssl_recv_timeout_t *f_recv_timeout)
 Set the underlying BIO callbacks for write, read and read-with-timeout.
 
int mbedtls_ssl_set_cid (mbedtls_ssl_context *ssl, int enable, unsigned char const *own_cid, size_t own_cid_len)
 Configure the use of the Connection ID (CID) extension in the next handshake.
 
int mbedtls_ssl_get_own_cid (mbedtls_ssl_context *ssl, int *enabled, unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX], size_t *own_cid_len)
 Get information about our request for usage of the CID extension in the current connection.
 
int mbedtls_ssl_get_peer_cid (mbedtls_ssl_context *ssl, int *enabled, unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], size_t *peer_cid_len)
 Get information about the use of the CID extension in the current connection.
 
void mbedtls_ssl_set_mtu (mbedtls_ssl_context *ssl, uint16_t mtu)
 Set the Maximum Transport Unit (MTU). Special value: 0 means unset (no limit). This represents the maximum size of a datagram payload handled by the transport layer (usually UDP) as determined by the network link and stack. In practice, this controls the maximum size datagram the DTLS layer will pass to the f_send() callback set using mbedtls_ssl_set_bio().
 
void mbedtls_ssl_set_verify (mbedtls_ssl_context *ssl, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
 Set a connection-specific verification callback (optional).
 
void mbedtls_ssl_conf_read_timeout (mbedtls_ssl_config *conf, uint32_t timeout)
 Set the timeout period for mbedtls_ssl_read() (Default: no timeout.)
 
int mbedtls_ssl_check_record (mbedtls_ssl_context const *ssl, unsigned char *buf, size_t buflen)
 Check whether a buffer contains a valid and authentic record that has not been seen before. (DTLS only).
 
void mbedtls_ssl_set_timer_cb (mbedtls_ssl_context *ssl, void *p_timer, mbedtls_ssl_set_timer_t *f_set_timer, mbedtls_ssl_get_timer_t *f_get_timer)
 Set the timer callbacks (Mandatory for DTLS.)
 
static void mbedtls_ssl_conf_cert_cb (mbedtls_ssl_config *conf, mbedtls_ssl_hs_cb_t f_cert_cb)
 Set the certificate selection callback (server-side only).
 
void mbedtls_ssl_conf_session_tickets_cb (mbedtls_ssl_config *conf, mbedtls_ssl_ticket_write_t *f_ticket_write, mbedtls_ssl_ticket_parse_t *f_ticket_parse, void *p_ticket)
 Configure SSL session ticket callbacks (server only). (Default: none.)
 
static int mbedtls_ssl_session_get_ticket_creation_time (mbedtls_ssl_session *session, mbedtls_ms_time_t *ticket_creation_time)
 Get the creation time of a session ticket.
 
static unsigned const char(* mbedtls_ssl_session_get_id (const mbedtls_ssl_session *session))[32]
 Get the session-id buffer.
 
static size_t mbedtls_ssl_session_get_id_len (const mbedtls_ssl_session *session)
 Get the size of the session-id.
 
static int mbedtls_ssl_session_get_ciphersuite_id (const mbedtls_ssl_session *session)
 Get the ciphersuite-id.
 
void mbedtls_ssl_set_export_keys_cb (mbedtls_ssl_context *ssl, mbedtls_ssl_export_keys_t *f_export_keys, void *p_export_keys)
 Configure a key export callback. (Default: none.)
 
static void mbedtls_ssl_conf_set_user_data_p (mbedtls_ssl_config *conf, void *p)
 Set the user data in an SSL configuration to a pointer.
 
static void mbedtls_ssl_conf_set_user_data_n (mbedtls_ssl_config *conf, uintptr_t n)
 Set the user data in an SSL configuration to an integer.
 
static void * mbedtls_ssl_conf_get_user_data_p (mbedtls_ssl_config *conf)
 Retrieve the user data in an SSL configuration as a pointer.
 
static uintptr_t mbedtls_ssl_conf_get_user_data_n (mbedtls_ssl_config *conf)
 Retrieve the user data in an SSL configuration as an integer.
 
static void mbedtls_ssl_set_user_data_p (mbedtls_ssl_context *ssl, void *p)
 Set the user data in an SSL context to a pointer.
 
static void mbedtls_ssl_set_user_data_n (mbedtls_ssl_context *ssl, uintptr_t n)
 Set the user data in an SSL context to an integer.
 
static void * mbedtls_ssl_get_user_data_p (mbedtls_ssl_context *ssl)
 Retrieve the user data in an SSL context as a pointer.
 
static uintptr_t mbedtls_ssl_get_user_data_n (mbedtls_ssl_context *ssl)
 Retrieve the user data in an SSL context as an integer.
 
void mbedtls_ssl_conf_dtls_cookies (mbedtls_ssl_config *conf, mbedtls_ssl_cookie_write_t *f_cookie_write, mbedtls_ssl_cookie_check_t *f_cookie_check, void *p_cookie)
 Register callbacks for DTLS cookies (Server only. DTLS only.)
 
int mbedtls_ssl_set_client_transport_id (mbedtls_ssl_context *ssl, const unsigned char *info, size_t ilen)
 Set client's transport-level identification info. (Server only. DTLS only.)
 
void mbedtls_ssl_conf_dtls_anti_replay (mbedtls_ssl_config *conf, char mode)
 Enable or disable anti-replay protection for DTLS. (DTLS only, no effect on TLS.) Default: enabled.
 
void mbedtls_ssl_conf_dtls_badmac_limit (mbedtls_ssl_config *conf, unsigned limit)
 Set a limit on the number of records with a bad MAC before terminating the connection. (DTLS only, no effect on TLS.) Default: 0 (disabled).
 
void mbedtls_ssl_set_datagram_packing (mbedtls_ssl_context *ssl, unsigned allow_packing)
 Allow or disallow packing of multiple handshake records within a single datagram.
 
void mbedtls_ssl_conf_handshake_timeout (mbedtls_ssl_config *conf, uint32_t min, uint32_t max)
 Set retransmit timeout values for the DTLS handshake. (DTLS only, no effect on TLS.)
 
void mbedtls_ssl_conf_session_cache (mbedtls_ssl_config *conf, void *p_cache, mbedtls_ssl_cache_get_t *f_get_cache, mbedtls_ssl_cache_set_t *f_set_cache)
 Set the session cache callbacks (server-side only) If not set, no session resuming is done (except if session tickets are enabled too).
 
int mbedtls_ssl_set_session (mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session)
 Load a session for session resumption.
 
int mbedtls_ssl_session_load (mbedtls_ssl_session *session, const unsigned char *buf, size_t len)
 Load serialized session data into a session structure. On client, this can be used for loading saved sessions before resuming them with mbedtls_ssl_set_session(). On server, this can be used for alternative implementations of session cache or session tickets.
 
int mbedtls_ssl_session_save (const mbedtls_ssl_session *session, unsigned char *buf, size_t buf_len, size_t *olen)
 Save session structure as serialized data in a buffer. On client, this can be used for saving session data, potentially in non-volatile storage, for resuming later. On server, this can be used for alternative implementations of session cache or session tickets.
 
void mbedtls_ssl_conf_ciphersuites (mbedtls_ssl_config *conf, const int *ciphersuites)
 Set the list of allowed ciphersuites and the preference order. First in the list has the highest preference.
 
void mbedtls_ssl_conf_tls13_key_exchange_modes (mbedtls_ssl_config *conf, const int kex_modes)
 Set the supported key exchange modes for TLS 1.3 connections.
 
int mbedtls_ssl_conf_cid (mbedtls_ssl_config *conf, size_t len, int ignore_other_cids)
 Specify the length of Connection IDs for incoming encrypted DTLS records, as well as the behaviour on unexpected CIDs.
 
void mbedtls_ssl_conf_cert_profile (mbedtls_ssl_config *conf, const mbedtls_x509_crt_profile *profile)
 Set the X.509 security profile used for verification.
 
void mbedtls_ssl_conf_ca_chain (mbedtls_ssl_config *conf, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl)
 Set the data required to verify peer certificate.
 
static void mbedtls_ssl_conf_dn_hints (mbedtls_ssl_config *conf, const mbedtls_x509_crt *crt)
 Set DN hints sent to client in CertificateRequest message.
 
int mbedtls_ssl_conf_own_cert (mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, mbedtls_pk_context *pk_key)
 Set own certificate chain and private key.
 
int mbedtls_ssl_conf_psk (mbedtls_ssl_config *conf, const unsigned char *psk, size_t psk_len, const unsigned char *psk_identity, size_t psk_identity_len)
 Configure pre-shared keys (PSKs) and their identities to be used in PSK-based ciphersuites.
 
int mbedtls_ssl_set_hs_psk (mbedtls_ssl_context *ssl, const unsigned char *psk, size_t psk_len)
 Set the pre-shared Key (PSK) for the current handshake.
 
void mbedtls_ssl_conf_psk_cb (mbedtls_ssl_config *conf, int(*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_psk)
 Set the PSK callback (server-side only).
 
int mbedtls_ssl_conf_dh_param_bin (mbedtls_ssl_config *conf, const unsigned char *dhm_P, size_t P_len, const unsigned char *dhm_G, size_t G_len)
 Set the Diffie-Hellman public P and G values from big-endian binary presentations. (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
 
int mbedtls_ssl_conf_dh_param_ctx (mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx)
 Set the Diffie-Hellman public P and G values, read from existing context (server-side only)
 
void mbedtls_ssl_conf_dhm_min_bitlen (mbedtls_ssl_config *conf, unsigned int bitlen)
 Set the minimum length for Diffie-Hellman parameters. (Client-side only.) (Default: 1024 bits.)
 
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves (mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves)
 Set the allowed curves in order of preference.
 
void mbedtls_ssl_conf_groups (mbedtls_ssl_config *conf, const uint16_t *groups)
 Set the allowed groups in order of preference.
 
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes (mbedtls_ssl_config *conf, const int *hashes)
 Set the allowed hashes for signatures during the handshake.
 
void mbedtls_ssl_conf_sig_algs (mbedtls_ssl_config *conf, const uint16_t *sig_algs)
 Configure allowed signature algorithms for use in TLS.
 
int mbedtls_ssl_set_hostname (mbedtls_ssl_context *ssl, const char *hostname)
 Set or reset the hostname to check against the received server certificate. It sets the ServerName TLS extension, too, if that extension is enabled. (client-side only)
 
static const char * mbedtls_ssl_get_hostname (mbedtls_ssl_context *ssl)
 Get the hostname that checked against the received server certificate. It is used to set the ServerName TLS extension, too, if that extension is enabled. (client-side only)
 
const unsigned char * mbedtls_ssl_get_hs_sni (mbedtls_ssl_context *ssl, size_t *name_len)
 Retrieve SNI extension value for the current handshake. Available in f_cert_cb of mbedtls_ssl_conf_cert_cb(), this is the same value passed to f_sni callback of mbedtls_ssl_conf_sni() and may be used instead of mbedtls_ssl_conf_sni().
 
int mbedtls_ssl_set_hs_own_cert (mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert, mbedtls_pk_context *pk_key)
 Set own certificate and key for the current handshake.
 
void mbedtls_ssl_set_hs_ca_chain (mbedtls_ssl_context *ssl, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl)
 Set the data required to verify peer certificate for the current handshake.
 
void mbedtls_ssl_set_hs_dn_hints (mbedtls_ssl_context *ssl, const mbedtls_x509_crt *crt)
 Set DN hints sent to client in CertificateRequest message.
 
void mbedtls_ssl_set_hs_authmode (mbedtls_ssl_context *ssl, int authmode)
 Set authmode for the current handshake.
 
void mbedtls_ssl_conf_sni (mbedtls_ssl_config *conf, int(*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_sni)
 Set server side ServerName TLS extension callback (optional, server-side only).
 
int mbedtls_ssl_conf_alpn_protocols (mbedtls_ssl_config *conf, const char **protos)
 Set the supported Application Layer Protocols.
 
const char * mbedtls_ssl_get_alpn_protocol (const mbedtls_ssl_context *ssl)
 Get the name of the negotiated Application Layer Protocol. This function should be called after the handshake is completed.
 
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version (mbedtls_ssl_config *conf, int major, int minor)
 Set the maximum supported version sent from the client side and/or accepted at the server side.
 
static void mbedtls_ssl_conf_max_tls_version (mbedtls_ssl_config *conf, mbedtls_ssl_protocol_version tls_version)
 Set the maximum supported version sent from the client side and/or accepted at the server side.
 
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version (mbedtls_ssl_config *conf, int major, int minor)
 Set the minimum accepted SSL/TLS protocol version.
 
static void mbedtls_ssl_conf_min_tls_version (mbedtls_ssl_config *conf, mbedtls_ssl_protocol_version tls_version)
 Set the minimum supported version sent from the client side and/or accepted at the server side.
 
void mbedtls_ssl_conf_encrypt_then_mac (mbedtls_ssl_config *conf, char etm)
 Enable or disable Encrypt-then-MAC (Default: MBEDTLS_SSL_ETM_ENABLED)
 
void mbedtls_ssl_conf_extended_master_secret (mbedtls_ssl_config *conf, char ems)
 Enable or disable Extended Master Secret negotiation. (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
 
void mbedtls_ssl_conf_cert_req_ca_list (mbedtls_ssl_config *conf, char cert_req_ca_list)
 Whether to send a list of acceptable CAs in CertificateRequest messages. (Default: do send)
 
int mbedtls_ssl_conf_max_frag_len (mbedtls_ssl_config *conf, unsigned char mfl_code)
 Set the maximum fragment length to emit and/or negotiate. (Typical: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes) (Server: set maximum fragment length to emit, usually negotiated by the client during handshake) (Client: set maximum fragment length to emit and negotiate with the server during handshake) (Default: MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
 
void mbedtls_ssl_conf_preference_order (mbedtls_ssl_config *conf, int order)
 Pick the ciphersuites order according to the second parameter in the SSL Server module (MBEDTLS_SSL_SRV_C). (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
 
void mbedtls_ssl_conf_session_tickets (mbedtls_ssl_config *conf, int use_tickets)
 Enable / Disable TLS 1.2 session tickets (client only, TLS 1.2 only). Enabled by default.
 
void mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets (mbedtls_ssl_config *conf, int signal_new_session_tickets)
 Enable / Disable handling of TLS 1.3 NewSessionTicket messages (client only, TLS 1.3 only).
 
void mbedtls_ssl_conf_new_session_tickets (mbedtls_ssl_config *conf, uint16_t num_tickets)
 Number of NewSessionTicket messages for the server to send after handshake completion.
 
void mbedtls_ssl_conf_renegotiation (mbedtls_ssl_config *conf, int renegotiation)
 Enable / Disable renegotiation support for connection when initiated by peer (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
 
void mbedtls_ssl_conf_legacy_renegotiation (mbedtls_ssl_config *conf, int allow_legacy)
 Prevent or allow legacy renegotiation. (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
 
void mbedtls_ssl_conf_renegotiation_enforced (mbedtls_ssl_config *conf, int max_records)
 Enforce renegotiation requests. (Default: enforced, max_records = 16)
 
void mbedtls_ssl_conf_renegotiation_period (mbedtls_ssl_config *conf, const unsigned char period[8])
 Set record counter threshold for periodic renegotiation. (Default: 2^48 - 1)
 
int mbedtls_ssl_check_pending (const mbedtls_ssl_context *ssl)
 Check if there is data already read from the underlying transport but not yet processed.
 
size_t mbedtls_ssl_get_bytes_avail (const mbedtls_ssl_context *ssl)
 Return the number of application data bytes remaining to be read from the current record.
 
uint32_t mbedtls_ssl_get_verify_result (const mbedtls_ssl_context *ssl)
 Return the result of the certificate verification.
 
int mbedtls_ssl_get_ciphersuite_id_from_ssl (const mbedtls_ssl_context *ssl)
 Return the id of the current ciphersuite.
 
const char * mbedtls_ssl_get_ciphersuite (const mbedtls_ssl_context *ssl)
 Return the name of the current ciphersuite.
 
static mbedtls_ssl_protocol_version mbedtls_ssl_get_version_number (const mbedtls_ssl_context *ssl)
 Return the (D)TLS protocol version negotiated in the given connection.
 
const char * mbedtls_ssl_get_version (const mbedtls_ssl_context *ssl)
 Return the current TLS version.
 
int mbedtls_ssl_get_record_expansion (const mbedtls_ssl_context *ssl)
 Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc. padding)
 
int mbedtls_ssl_get_max_out_record_payload (const mbedtls_ssl_context *ssl)
 Return the current maximum outgoing record payload in bytes.
 
int mbedtls_ssl_get_max_in_record_payload (const mbedtls_ssl_context *ssl)
 Return the current maximum incoming record payload in bytes.
 
const mbedtls_x509_crtmbedtls_ssl_get_peer_cert (const mbedtls_ssl_context *ssl)
 Return the peer certificate from the current connection.
 
int mbedtls_ssl_get_session (const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session)
 Export a session in order to resume it later.
 
int mbedtls_ssl_handshake (mbedtls_ssl_context *ssl)
 Perform the SSL handshake.
 
static int mbedtls_ssl_is_handshake_over (mbedtls_ssl_context *ssl)
 After calling mbedtls_ssl_handshake() to start the SSL handshake you can call this function to check whether the handshake is over for a given SSL context. This function should be also used to determine when to stop calling mbedtls_handshake_step() for that context.
 
int mbedtls_ssl_handshake_step (mbedtls_ssl_context *ssl)
 Perform a single step of the SSL handshake.
 
int mbedtls_ssl_renegotiate (mbedtls_ssl_context *ssl)
 Initiate an SSL renegotiation on the running connection. Client: perform the renegotiation right now. Server: request renegotiation, which will be performed during the next call to mbedtls_ssl_read() if honored by client.
 
int mbedtls_ssl_read (mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
 Read at most 'len' application data bytes.
 
int mbedtls_ssl_write (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
 Try to write exactly 'len' application data bytes.
 
int mbedtls_ssl_send_alert_message (mbedtls_ssl_context *ssl, unsigned char level, unsigned char message)
 Send an alert message.
 
int mbedtls_ssl_close_notify (mbedtls_ssl_context *ssl)
 Notify the peer that the connection is being closed.
 
void mbedtls_ssl_free (mbedtls_ssl_context *ssl)
 Free referenced items in an SSL context and clear memory.
 
int mbedtls_ssl_context_save (mbedtls_ssl_context *ssl, unsigned char *buf, size_t buf_len, size_t *olen)
 Save an active connection as serialized data in a buffer. This allows the freeing or re-using of the SSL context while still picking up the connection later in a way that it entirely transparent to the peer.
 
int mbedtls_ssl_context_load (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
 Load serialized connection data to an SSL context.
 
void mbedtls_ssl_config_init (mbedtls_ssl_config *conf)
 Initialize an SSL configuration context Just makes the context ready for mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
 
int mbedtls_ssl_config_defaults (mbedtls_ssl_config *conf, int endpoint, int transport, int preset)
 Load reasonable default SSL configuration values. (You need to call mbedtls_ssl_config_init() first.)
 
void mbedtls_ssl_config_free (mbedtls_ssl_config *conf)
 Free an SSL configuration context.
 
void mbedtls_ssl_session_init (mbedtls_ssl_session *session)
 Initialize SSL session structure.
 
void mbedtls_ssl_session_free (mbedtls_ssl_session *session)
 Free referenced items in an SSL session including the peer certificate and clear memory.
 
int mbedtls_ssl_tls_prf (const mbedtls_tls_prf_types prf, const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen)
 TLS-PRF function for key derivation.
 

Detailed Description

SSL/TLS functions.

Definition in file ssl.h.

Macro Definition Documentation

◆ MBEDTLS_ERR_SSL_ALLOC_FAILED

#define MBEDTLS_ERR_SSL_ALLOC_FAILED   -0x7F00

Memory allocation failed

Definition at line 109 of file ssl.h.

◆ MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS

#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS   -0x6500

The asynchronous operation is not completed yet.

Definition at line 152 of file ssl.h.

◆ MBEDTLS_ERR_SSL_BAD_CERTIFICATE

#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE   -0x7A00

Processing of the Certificate handshake message failed.

Definition at line 84 of file ssl.h.

◆ MBEDTLS_ERR_SSL_BAD_CONFIG

#define MBEDTLS_ERR_SSL_BAD_CONFIG   -0x5E80

Invalid value in SSL config

Definition at line 168 of file ssl.h.

◆ MBEDTLS_ERR_SSL_BAD_INPUT_DATA

#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA   -0x7100

Bad input parameters to function.

Definition at line 51 of file ssl.h.

Referenced by mbedtls_ssl_session_get_ticket_creation_time().

◆ MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION

#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION   -0x6E80

Handshake protocol not within min/max boundaries

Definition at line 115 of file ssl.h.

◆ MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL

#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL   -0x6A00

A buffer is too small to receive or write a message

Definition at line 133 of file ssl.h.

◆ MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED

#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED   -0x7680

No CA Chain is set, but required to operate.

Definition at line 72 of file ssl.h.

◆ MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND

#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND   -0x7E80

Cache entry not found

Definition at line 107 of file ssl.h.

◆ MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA

#define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA   -0x7B80

Not possible to read early data

Definition at line 89 of file ssl.h.

◆ MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA

#define MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA   -0x7C80

Not possible to write early data

Definition at line 101 of file ssl.h.

◆ MBEDTLS_ERR_SSL_CLIENT_RECONNECT

#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT   -0x6780

The client initiated a reconnect from the same port.

Definition at line 142 of file ssl.h.

◆ MBEDTLS_ERR_SSL_CONN_EOF

#define MBEDTLS_ERR_SSL_CONN_EOF   -0x7280

The connection indicated an EOF.

Definition at line 57 of file ssl.h.

◆ MBEDTLS_ERR_SSL_CONTINUE_PROCESSING

#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING   -0x6580

Internal-only message signaling that further message-processing should be done

Definition at line 150 of file ssl.h.

◆ MBEDTLS_ERR_SSL_COUNTER_WRAPPING

#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING   -0x6B80

A counter would wrap (eg, too many messages exchanged).

Definition at line 127 of file ssl.h.

◆ MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS

#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS   -0x7000

A cryptographic operation is in progress. Try again later.

Definition at line 47 of file ssl.h.

◆ MBEDTLS_ERR_SSL_DECODE_ERROR

#define MBEDTLS_ERR_SSL_DECODE_ERROR   -0x7300

A message could not be parsed due to a syntactic error.

Definition at line 59 of file ssl.h.

◆ MBEDTLS_ERR_SSL_EARLY_MESSAGE

#define MBEDTLS_ERR_SSL_EARLY_MESSAGE   -0x6480

Internal-only message signaling that a message arrived early.

Definition at line 154 of file ssl.h.

◆ MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE

#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE   -0x7780

A fatal alert message was received from our peer.

Definition at line 76 of file ssl.h.

◆ MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE

#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE   -0x7080

The requested feature is not available.

Definition at line 49 of file ssl.h.

◆ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE

#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE   -0x6E00

The handshake negotiation failed.

Definition at line 117 of file ssl.h.

◆ MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED

#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED   -0x6A80

DTLS client must retry for hello verification

Definition at line 131 of file ssl.h.

◆ MBEDTLS_ERR_SSL_HW_ACCEL_FAILED

#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED   -0x7F80

Hardware acceleration function returned with error

Definition at line 111 of file ssl.h.

◆ MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH

#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH   -0x6F80

Hardware acceleration function skipped / left alone data

Definition at line 113 of file ssl.h.

◆ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER

#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER   -0x6600

A field in a message was incorrect or inconsistent with other fields.

Definition at line 148 of file ssl.h.

◆ MBEDTLS_ERR_SSL_INTERNAL_ERROR

#define MBEDTLS_ERR_SSL_INTERNAL_ERROR   -0x6C00

Internal error (eg, unexpected failure in lower-level module)

Definition at line 125 of file ssl.h.

◆ MBEDTLS_ERR_SSL_INVALID_MAC

#define MBEDTLS_ERR_SSL_INVALID_MAC   -0x7180

Verification of the message MAC failed.

Definition at line 53 of file ssl.h.

◆ MBEDTLS_ERR_SSL_INVALID_RECORD

#define MBEDTLS_ERR_SSL_INVALID_RECORD   -0x7200

An invalid SSL record was received.

Definition at line 55 of file ssl.h.

◆ MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL

#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL   -0x7580

No ALPN protocols supported that the client advertises

Definition at line 68 of file ssl.h.

◆ MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE

#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE   -0x7480

No client certification received from the client, but required by the authentication mode.

Definition at line 64 of file ssl.h.

◆ MBEDTLS_ERR_SSL_NO_RNG

#define MBEDTLS_ERR_SSL_NO_RNG   -0x7400

No RNG was provided to the SSL module.

Definition at line 62 of file ssl.h.

◆ MBEDTLS_ERR_SSL_NON_FATAL

#define MBEDTLS_ERR_SSL_NON_FATAL   -0x6680

The alert message received indicates a non-fatal error.

Definition at line 146 of file ssl.h.

◆ MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY

#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY   -0x7880

The peer notified us that the connection is going to be closed.

Definition at line 80 of file ssl.h.

◆ MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH

#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH   -0x6D00

Public key type mismatch (eg, asked for RSA key exchange and presented EC key)

Definition at line 121 of file ssl.h.

◆ MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED

#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED   -0x7600

The own private key or pre-shared key is not set, but needed.

Definition at line 70 of file ssl.h.

◆ MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA

#define MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA   -0x7C00

Early data has been received as part of an on-going handshake. This error code can be returned only on server side if and only if early data has been enabled by means of the mbedtls_ssl_conf_early_data() API. This error code can then be returned by mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write() if early data has been received as part of the handshake sequence they triggered. To read the early data, call mbedtls_ssl_read_early_data().

Definition at line 99 of file ssl.h.

◆ MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET

#define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET   -0x7B00

A TLS 1.3 NewSessionTicket message has been received.

Definition at line 87 of file ssl.h.

◆ MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED

#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED   -0x6D80

Session ticket has expired.

Definition at line 119 of file ssl.h.

◆ MBEDTLS_ERR_SSL_TIMEOUT

#define MBEDTLS_ERR_SSL_TIMEOUT   -0x6800

The operation timed out.

Definition at line 140 of file ssl.h.

◆ MBEDTLS_ERR_SSL_UNEXPECTED_CID

#define MBEDTLS_ERR_SSL_UNEXPECTED_CID   -0x6000

An encrypted DTLS-frame with an unexpected CID was received.

Definition at line 164 of file ssl.h.

◆ MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE

#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE   -0x7700

An unexpected message was received from our peer.

Definition at line 74 of file ssl.h.

◆ MBEDTLS_ERR_SSL_UNEXPECTED_RECORD

#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD   -0x6700

Record header looks valid but is not expected.

Definition at line 144 of file ssl.h.

◆ MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY

#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY   -0x6C80

Unknown identity received (eg, PSK identity)

Definition at line 123 of file ssl.h.

◆ MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME

#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME   -0x7800

No server could be identified matching the client's SNI.

Definition at line 78 of file ssl.h.

◆ MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION

#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION   -0x7500

Client received an extended server hello containing an unsupported extension

Definition at line 66 of file ssl.h.

◆ MBEDTLS_ERR_SSL_VERSION_MISMATCH

#define MBEDTLS_ERR_SSL_VERSION_MISMATCH   -0x5F00

An operation failed due to an unexpected version or configuration.

Definition at line 166 of file ssl.h.

◆ MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO

#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO   -0x6B00

Unexpected message at ServerHello in renegotiation.

Definition at line 129 of file ssl.h.

◆ MBEDTLS_ERR_SSL_WANT_READ

#define MBEDTLS_ERR_SSL_WANT_READ   -0x6900

No data of requested type currently available on underlying transport.

Definition at line 136 of file ssl.h.

◆ MBEDTLS_ERR_SSL_WANT_WRITE

#define MBEDTLS_ERR_SSL_WANT_WRITE   -0x6880

Connection requires a write call.

Definition at line 138 of file ssl.h.

◆ MBEDTLS_PREMASTER_SIZE

#define MBEDTLS_PREMASTER_SIZE   sizeof(union mbedtls_ssl_premaster_secret)

Definition at line 688 of file ssl.h.

◆ MBEDTLS_PSK_MAX_LEN

#define MBEDTLS_PSK_MAX_LEN   48 /* 384 bits */

Definition at line 648 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_LEVEL_FATAL

#define MBEDTLS_SSL_ALERT_LEVEL_FATAL   2

Definition at line 530 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_LEVEL_WARNING

#define MBEDTLS_SSL_ALERT_LEVEL_WARNING   1

Definition at line 529 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED

#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED   49 /* 0x31 */

Definition at line 547 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_BAD_CERT

#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT   42 /* 0x2A */

Definition at line 540 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC

#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC   20 /* 0x14 */

Definition at line 534 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED

#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED   45 /* 0x2D */

Definition at line 543 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_CERT_REQUIRED

#define MBEDTLS_SSL_ALERT_MSG_CERT_REQUIRED   116 /* 0x74 */

Definition at line 561 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED

#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED   44 /* 0x2C */

Definition at line 542 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN

#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN   46 /* 0x2E */

Definition at line 544 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY

#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY   0 /* 0x00 */

Definition at line 532 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR

#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR   50 /* 0x32 */

Definition at line 548 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE

#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE   30 /* 0x1E */

Definition at line 537 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR

#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR   51 /* 0x33 */

Definition at line 549 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED

#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED   21 /* 0x15 */

Definition at line 535 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION

#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION   60 /* 0x3C */

Definition at line 550 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE

#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE   40 /* 0x28 */

Definition at line 538 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER

#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER   47 /* 0x2F */

Definition at line 545 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK

#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK   86 /* 0x56 */

Definition at line 554 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY

#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY   71 /* 0x47 */

Definition at line 552 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR

#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR   80 /* 0x50 */

Definition at line 553 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION

#define MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION   109 /* 0x6d -- new in TLS 1.3 */

Definition at line 557 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL

#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL   120 /* 0x78 */

Definition at line 562 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_NO_CERT

#define MBEDTLS_SSL_ALERT_MSG_NO_CERT   41 /* 0x29 */

Definition at line 539 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION

#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION   100 /* 0x64 */

Definition at line 556 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION

#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION   70 /* 0x46 */

Definition at line 551 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW

#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW   22 /* 0x16 */

Definition at line 536 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE

#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE   10 /* 0x0A */

Definition at line 533 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA

#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA   48 /* 0x30 */

Definition at line 546 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY

#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY   115 /* 0x73 */

Definition at line 560 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME

#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME   112 /* 0x70 */

Definition at line 559 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT

#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT   43 /* 0x2B */

Definition at line 541 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT

#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT   110 /* 0x6E */

Definition at line 558 of file ssl.h.

◆ MBEDTLS_SSL_ALERT_MSG_USER_CANCELED

#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED   90 /* 0x5A */

Definition at line 555 of file ssl.h.

◆ MBEDTLS_SSL_ANTI_REPLAY_DISABLED

#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED   0

Definition at line 307 of file ssl.h.

◆ MBEDTLS_SSL_ANTI_REPLAY_ENABLED

#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED   1

Definition at line 308 of file ssl.h.

◆ MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED

#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED   0

Definition at line 331 of file ssl.h.

◆ MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED

#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED   1

Definition at line 330 of file ssl.h.

◆ MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN

#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN   64

Definition at line 518 of file ssl.h.

◆ MBEDTLS_SSL_CERT_TYPE_RSA_SIGN

#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN   1

Definition at line 517 of file ssl.h.

◆ MBEDTLS_SSL_CID_DISABLED

#define MBEDTLS_SSL_CID_DISABLED   0

Definition at line 288 of file ssl.h.

◆ MBEDTLS_SSL_CID_ENABLED

#define MBEDTLS_SSL_CID_ENABLED   1

Definition at line 289 of file ssl.h.

◆ MBEDTLS_SSL_CID_IN_LEN_MAX

#define MBEDTLS_SSL_CID_IN_LEN_MAX   32

The maximum length of CIDs used for incoming DTLS messages.

Definition at line 415 of file ssl.h.

◆ MBEDTLS_SSL_CID_OUT_LEN_MAX

#define MBEDTLS_SSL_CID_OUT_LEN_MAX   32

The maximum length of CIDs used for outgoing DTLS messages.

Definition at line 419 of file ssl.h.

◆ MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY

#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY   16

This option controls the use of record plaintext padding in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.

The padding will always be chosen so that the length of the padded plaintext is a multiple of the value of this option.

Note: A value of 1 means that no padding will be used for outgoing records.

Note: On systems lacking division instructions, a power of two should be preferred.

Definition at line 423 of file ssl.h.

◆ MBEDTLS_SSL_COMPRESS_NULL

#define MBEDTLS_SSL_COMPRESS_NULL   0

Definition at line 294 of file ssl.h.

◆ MBEDTLS_SSL_DTLS_MAX_BUFFERING

#define MBEDTLS_SSL_DTLS_MAX_BUFFERING   32768

Maximum number of heap-allocated bytes for the purpose of DTLS handshake message reassembly and future message buffering.

This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN to account for a reassembled handshake message of maximum size, together with its reassembly bitmap.

A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) should be sufficient for all practical situations as it allows to reassembly a large handshake message (such as a certificate) while buffering multiple smaller handshake messages.

Definition at line 408 of file ssl.h.

◆ MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED

#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED   1

Definition at line 337 of file ssl.h.

◆ MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED

#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED   0

Definition at line 336 of file ssl.h.

◆ MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX

#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX   60000

Definition at line 354 of file ssl.h.

◆ MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN

#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN   1000

Definition at line 353 of file ssl.h.

◆ MBEDTLS_SSL_EARLY_DATA_DISABLED

#define MBEDTLS_SSL_EARLY_DATA_DISABLED   0

Definition at line 333 of file ssl.h.

◆ MBEDTLS_SSL_EARLY_DATA_DISCARD

#define MBEDTLS_SSL_EARLY_DATA_DISCARD   2

Definition at line 374 of file ssl.h.

◆ MBEDTLS_SSL_EARLY_DATA_ENABLED

#define MBEDTLS_SSL_EARLY_DATA_ENABLED   1

Definition at line 334 of file ssl.h.

◆ MBEDTLS_SSL_EARLY_DATA_NO_DISCARD

#define MBEDTLS_SSL_EARLY_DATA_NO_DISCARD   0

Definition at line 372 of file ssl.h.

◆ MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD

#define MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD   1

Definition at line 373 of file ssl.h.

◆ MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO

#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO   0xFF

renegotiation info ext

Definition at line 460 of file ssl.h.

◆ MBEDTLS_SSL_ETM_DISABLED

#define MBEDTLS_SSL_ETM_DISABLED   0

Definition at line 291 of file ssl.h.

◆ MBEDTLS_SSL_ETM_ENABLED

#define MBEDTLS_SSL_ETM_ENABLED   1

Definition at line 292 of file ssl.h.

◆ MBEDTLS_SSL_EXTENDED_MS_DISABLED

#define MBEDTLS_SSL_EXTENDED_MS_DISABLED   0

Definition at line 285 of file ssl.h.

◆ MBEDTLS_SSL_EXTENDED_MS_ENABLED

#define MBEDTLS_SSL_EXTENDED_MS_ENABLED   1

Definition at line 286 of file ssl.h.

◆ MBEDTLS_SSL_HASH_MD5

#define MBEDTLS_SSL_HASH_MD5   1

Definition at line 467 of file ssl.h.

◆ MBEDTLS_SSL_HASH_NONE

#define MBEDTLS_SSL_HASH_NONE   0

Definition at line 466 of file ssl.h.

◆ MBEDTLS_SSL_HASH_SHA1

#define MBEDTLS_SSL_HASH_SHA1   2

Definition at line 468 of file ssl.h.

◆ MBEDTLS_SSL_HASH_SHA224

#define MBEDTLS_SSL_HASH_SHA224   3

Definition at line 469 of file ssl.h.

◆ MBEDTLS_SSL_HASH_SHA256

#define MBEDTLS_SSL_HASH_SHA256   4

Definition at line 470 of file ssl.h.

◆ MBEDTLS_SSL_HASH_SHA384

#define MBEDTLS_SSL_HASH_SHA384   5

Definition at line 471 of file ssl.h.

◆ MBEDTLS_SSL_HASH_SHA512

#define MBEDTLS_SSL_HASH_SHA512   6

Definition at line 472 of file ssl.h.

◆ MBEDTLS_SSL_HS_CERTIFICATE

#define MBEDTLS_SSL_HS_CERTIFICATE   11

Definition at line 571 of file ssl.h.

◆ MBEDTLS_SSL_HS_CERTIFICATE_REQUEST

#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST   13

Definition at line 573 of file ssl.h.

◆ MBEDTLS_SSL_HS_CERTIFICATE_VERIFY

#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY   15

Definition at line 575 of file ssl.h.

◆ MBEDTLS_SSL_HS_CLIENT_HELLO

#define MBEDTLS_SSL_HS_CLIENT_HELLO   1

Definition at line 565 of file ssl.h.

◆ MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE

#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE   16

Definition at line 576 of file ssl.h.

◆ MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS

#define MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS   8

Definition at line 570 of file ssl.h.

◆ MBEDTLS_SSL_HS_END_OF_EARLY_DATA

#define MBEDTLS_SSL_HS_END_OF_EARLY_DATA   5

Definition at line 569 of file ssl.h.

◆ MBEDTLS_SSL_HS_FINISHED

#define MBEDTLS_SSL_HS_FINISHED   20

Definition at line 577 of file ssl.h.

◆ MBEDTLS_SSL_HS_HELLO_REQUEST

#define MBEDTLS_SSL_HS_HELLO_REQUEST   0

Definition at line 564 of file ssl.h.

◆ MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST

#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST   3

Definition at line 567 of file ssl.h.

◆ MBEDTLS_SSL_HS_MESSAGE_HASH

#define MBEDTLS_SSL_HS_MESSAGE_HASH   254

Definition at line 578 of file ssl.h.

◆ MBEDTLS_SSL_HS_NEW_SESSION_TICKET

#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET   4

Definition at line 568 of file ssl.h.

◆ MBEDTLS_SSL_HS_SERVER_HELLO

#define MBEDTLS_SSL_HS_SERVER_HELLO   2

Definition at line 566 of file ssl.h.

◆ MBEDTLS_SSL_HS_SERVER_HELLO_DONE

#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE   14

Definition at line 574 of file ssl.h.

◆ MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE

#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE   12

Definition at line 572 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1

#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1   0x001A

Definition at line 208 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1

#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1   0x001B

Definition at line 209 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1

#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1   0x001C

Definition at line 210 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048

#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048   0x0100

Definition at line 214 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072

#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072   0x0101

Definition at line 215 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096

#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096   0x0102

Definition at line 216 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144

#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144   0x0103

Definition at line 217 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192

#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192   0x0104

Definition at line 218 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_NONE

#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE   0

Definition at line 199 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1

#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1   0x0012

Definition at line 200 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1

#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1   0x0013

Definition at line 201 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1

#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1   0x0014

Definition at line 202 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1

#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1   0x0015

Definition at line 203 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1

#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1   0x0016

Definition at line 204 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1

#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1   0x0017

Definition at line 205 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1

#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1   0x0018

Definition at line 206 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1

#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1   0x0019

Definition at line 207 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_X25519

#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519   0x001D

Definition at line 211 of file ssl.h.

◆ MBEDTLS_SSL_IANA_TLS_GROUP_X448

#define MBEDTLS_SSL_IANA_TLS_GROUP_X448   0x001E

Definition at line 212 of file ssl.h.

◆ MBEDTLS_SSL_IN_CONTENT_LEN

#define MBEDTLS_SSL_IN_CONTENT_LEN   16384

Maximum length (in bytes) of incoming plaintext fragments.

This determines the size of the incoming TLS I/O buffer in such a way that it is capable of holding the specified amount of plaintext data, regardless of the protection mechanism used.

Note
When using a value less than the default of 16KB on the client, it is recommended to use the Maximum Fragment Length (MFL) extension to inform the server about this limitation. On the server, there is no supported, standardized way of informing the client about restriction on the maximum size of incoming messages, and unless the limitation has been communicated by other means, it is recommended to only change the outgoing buffer size MBEDTLS_SSL_OUT_CONTENT_LEN while keeping the default value of 16KB for the incoming buffer.

Uncomment to set the maximum plaintext size of the incoming I/O buffer.

Definition at line 396 of file ssl.h.

◆ MBEDTLS_SSL_IS_CLIENT

#define MBEDTLS_SSL_IS_CLIENT   0

Definition at line 282 of file ssl.h.

◆ MBEDTLS_SSL_IS_SERVER

#define MBEDTLS_SSL_IS_SERVER   1

Definition at line 283 of file ssl.h.

Referenced by mbedtls_ssl_session_get_ticket_creation_time().

◆ MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION

#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION   1

Definition at line 314 of file ssl.h.

◆ MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE

#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE   2

Definition at line 315 of file ssl.h.

◆ MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION

#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION   0

Definition at line 313 of file ssl.h.

◆ MBEDTLS_SSL_LEGACY_RENEGOTIATION

#define MBEDTLS_SSL_LEGACY_RENEGOTIATION   0

Definition at line 301 of file ssl.h.

◆ MBEDTLS_SSL_MAJOR_VERSION_3

#define MBEDTLS_SSL_MAJOR_VERSION_3   3

Definition at line 260 of file ssl.h.

◆ MBEDTLS_SSL_MAX_ALPN_LIST_LEN

#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN   65535

Maximum size in bytes of list in alpn ext., RFC 7301

Definition at line 271 of file ssl.h.

◆ MBEDTLS_SSL_MAX_ALPN_NAME_LEN

#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN   255

Maximum size in bytes of a protocol name in alpn ext., RFC 7301

Definition at line 269 of file ssl.h.

◆ MBEDTLS_SSL_MAX_EARLY_DATA_SIZE

#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE   1024

Complete list of ciphersuites to use, in order of preference.

Warning
No dependency checking is done on that field! This option can only be used to restrict the set of available ciphersuites. It is your responsibility to make sure the needed modules are active.

Use this to save a few hundred bytes of ROM (default ordering of all available ciphersuites) and a few to a few hundred bytes of RAM.

The value below is only an example, not the default.

The default maximum amount of 0-RTT data. See the documentation of mbedtls_ssl_conf_max_early_data_size() for more information.

It must be positive and smaller than UINT32_MAX.

If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not have any impact on the build.

Definition at line 427 of file ssl.h.

◆ MBEDTLS_SSL_MAX_FRAG_LEN_1024

#define MBEDTLS_SSL_MAX_FRAG_LEN_1024   2

MaxFragmentLength 2^10

Definition at line 277 of file ssl.h.

◆ MBEDTLS_SSL_MAX_FRAG_LEN_2048

#define MBEDTLS_SSL_MAX_FRAG_LEN_2048   3

MaxFragmentLength 2^11

Definition at line 278 of file ssl.h.

◆ MBEDTLS_SSL_MAX_FRAG_LEN_4096

#define MBEDTLS_SSL_MAX_FRAG_LEN_4096   4

MaxFragmentLength 2^12

Definition at line 279 of file ssl.h.

◆ MBEDTLS_SSL_MAX_FRAG_LEN_512

#define MBEDTLS_SSL_MAX_FRAG_LEN_512   1

MaxFragmentLength 2^9

Definition at line 276 of file ssl.h.

◆ MBEDTLS_SSL_MAX_FRAG_LEN_INVALID

#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID   5

first invalid value

Definition at line 280 of file ssl.h.

◆ MBEDTLS_SSL_MAX_FRAG_LEN_NONE

#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE   0

don't use this extension

Definition at line 275 of file ssl.h.

◆ MBEDTLS_SSL_MAX_HOST_NAME_LEN

#define MBEDTLS_SSL_MAX_HOST_NAME_LEN   255

Maximum host name defined in RFC 1035

Definition at line 268 of file ssl.h.

◆ MBEDTLS_SSL_MINOR_VERSION_3

#define MBEDTLS_SSL_MINOR_VERSION_3   3

TLS v1.2

Definition at line 261 of file ssl.h.

◆ MBEDTLS_SSL_MINOR_VERSION_4

#define MBEDTLS_SSL_MINOR_VERSION_4   4

TLS v1.3

Definition at line 262 of file ssl.h.

◆ MBEDTLS_SSL_MSG_ALERT

#define MBEDTLS_SSL_MSG_ALERT   21

Definition at line 524 of file ssl.h.

◆ MBEDTLS_SSL_MSG_APPLICATION_DATA

#define MBEDTLS_SSL_MSG_APPLICATION_DATA   23

Definition at line 526 of file ssl.h.

◆ MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC

#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC   20

Definition at line 523 of file ssl.h.

◆ MBEDTLS_SSL_MSG_CID

#define MBEDTLS_SSL_MSG_CID   25

Definition at line 527 of file ssl.h.

◆ MBEDTLS_SSL_MSG_HANDSHAKE

#define MBEDTLS_SSL_MSG_HANDSHAKE   22

Definition at line 525 of file ssl.h.

◆ MBEDTLS_SSL_OUT_CONTENT_LEN

#define MBEDTLS_SSL_OUT_CONTENT_LEN   16384

Maximum length (in bytes) of outgoing plaintext fragments.

This determines the size of the outgoing TLS I/O buffer in such a way that it is capable of holding the specified amount of plaintext data, regardless of the protection mechanism used.

It is possible to save RAM by setting a smaller outward buffer, while keeping the default inward 16384 byte buffer to conform to the TLS specification.

The minimum required outward buffer size is determined by the handshake protocol's usage. Handshaking will fail if the outward buffer is too small. The specific size requirement depends on the configured ciphers and any certificate data which is sent during the handshake.

Uncomment to set the maximum plaintext size of the outgoing I/O buffer.

Definition at line 400 of file ssl.h.

◆ MBEDTLS_SSL_PRESET_DEFAULT

#define MBEDTLS_SSL_PRESET_DEFAULT   0

Definition at line 327 of file ssl.h.

◆ MBEDTLS_SSL_PRESET_SUITEB

#define MBEDTLS_SSL_PRESET_SUITEB   2

Definition at line 328 of file ssl.h.

◆ MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT

#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT   16

Definition at line 311 of file ssl.h.

◆ MBEDTLS_SSL_RENEGOTIATION_DISABLED

#define MBEDTLS_SSL_RENEGOTIATION_DISABLED   0

Definition at line 304 of file ssl.h.

◆ MBEDTLS_SSL_RENEGOTIATION_ENABLED

#define MBEDTLS_SSL_RENEGOTIATION_ENABLED   1

Definition at line 305 of file ssl.h.

◆ MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED

#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED   -1

Definition at line 310 of file ssl.h.

◆ MBEDTLS_SSL_SECURE_RENEGOTIATION

#define MBEDTLS_SSL_SECURE_RENEGOTIATION   1

Definition at line 302 of file ssl.h.

◆ MBEDTLS_SSL_SEQUENCE_NUMBER_LEN

#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN   8

Definition at line 694 of file ssl.h.

◆ MBEDTLS_SSL_SESSION_TICKETS_DISABLED

#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED   0

Definition at line 321 of file ssl.h.

◆ MBEDTLS_SSL_SESSION_TICKETS_ENABLED

#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED   1

Definition at line 322 of file ssl.h.

◆ MBEDTLS_SSL_SIG_ANON

#define MBEDTLS_SSL_SIG_ANON   0

Definition at line 474 of file ssl.h.

◆ MBEDTLS_SSL_SIG_ECDSA

#define MBEDTLS_SSL_SIG_ECDSA   3

Definition at line 476 of file ssl.h.

◆ MBEDTLS_SSL_SIG_RSA

#define MBEDTLS_SSL_SIG_RSA   1

Definition at line 475 of file ssl.h.

◆ MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT

#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT   1

Definition at line 339 of file ssl.h.

◆ MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER

#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER   0

Definition at line 340 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS

#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS   1

Default number of NewSessionTicket messages to be sent by a TLS 1.3 server after handshake completion. This is not used in TLS 1.2 and relevant only if the MBEDTLS_SSL_SESSION_TICKETS option is enabled.

Definition at line 439 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL

#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
Value:
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL
Definition ssl.h:230
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK
Definition ssl.h:227
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL
Definition ssl.h:233

All TLS 1.3 key exchanges

Definition at line 238 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL

#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL   (1u << 1)

Pure-Ephemeral TLS 1.3 key exchanges, including for example ECDHE and DHE key exchanges.

Definition at line 230 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL

#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL
Value:

All ephemeral TLS 1.3 key exchanges

Definition at line 245 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE

#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE   (0)

Definition at line 249 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK

#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK   (1u << 0)

Pure-PSK TLS 1.3 key exchange, encompassing both externally agreed PSKs as well as resumption PSKs.

Definition at line 227 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL

#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL
Value:

All PSK-based TLS 1.3 key exchanges

Definition at line 242 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL

#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL   (1u << 2)

PSK-Ephemeral TLS 1.3 key exchanges, using both a PSK and an ephemeral key exchange.

Definition at line 233 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE

#define MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE   1 /* PSK+ECDHE-based exchange */

Definition at line 177 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE

#define MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE   0 /* Pure PSK-based exchange */

Definition at line 176 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED

#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED   0

Definition at line 324 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED

#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED   1

Definition at line 325 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE

#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE   6000

Maximum allowed ticket age difference in milliseconds tolerated between server and client. Default value is 6000. This is not used in TLS 1.2.

  • The client ticket age is the time difference between the time when the client proposes to the server to use the ticket and the time the client received the ticket from the server.
  • The server ticket age is the time difference between the time when the server receives a proposition from the client to use the ticket and the time when the ticket was created by the server.

The ages might be different due to the client and server clocks not running at the same pace. The typical accuracy of an RTC crystal is ±100 to ±20 parts per million (360 to 72 milliseconds per hour). Default tolerance window is 6s, thus in the worst case clients and servers must sync up their system time every 6000/360/2~=8 hours.

See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information.

Definition at line 431 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA

#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA   (1U << 3)

Definition at line 883 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION

#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL /* 1U << 2 */

Definition at line 881 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION

#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK /* 1U << 0 */

Definition at line 879 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK

#define MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK
Value:
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION
Definition ssl.h:881
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA
Definition ssl.h:883
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION
Definition ssl.h:879

Definition at line 885 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH

#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH   32

Size in bytes of a ticket nonce. This is not used in TLS 1.2.

This must be less than 256.

Definition at line 435 of file ssl.h.

◆ MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN

#define MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN   48

Definition at line 344 of file ssl.h.

◆ MBEDTLS_SSL_TRANSPORT_DATAGRAM

#define MBEDTLS_SSL_TRANSPORT_DATAGRAM   1

DTLS

Definition at line 266 of file ssl.h.

◆ MBEDTLS_SSL_TRANSPORT_STREAM

#define MBEDTLS_SSL_TRANSPORT_STREAM   0

TLS

Definition at line 265 of file ssl.h.

◆ MBEDTLS_SSL_TRUNC_HMAC_DISABLED

#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED   0

Definition at line 317 of file ssl.h.

◆ MBEDTLS_SSL_TRUNC_HMAC_ENABLED

#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED   1

Definition at line 318 of file ssl.h.

◆ MBEDTLS_SSL_TRUNCATED_HMAC_LEN

#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN   10 /* 80 bits, rfc 6066 section 7 */

Definition at line 319 of file ssl.h.

◆ MBEDTLS_SSL_UNEXPECTED_CID_FAIL

#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL   1

Definition at line 3428 of file ssl.h.

◆ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE

#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE   0

Definition at line 3427 of file ssl.h.

◆ MBEDTLS_SSL_VERIFY_DATA_MAX_LEN

#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN   12

Definition at line 455 of file ssl.h.

◆ MBEDTLS_SSL_VERIFY_NONE

#define MBEDTLS_SSL_VERIFY_NONE   0

Definition at line 296 of file ssl.h.

◆ MBEDTLS_SSL_VERIFY_OPTIONAL

#define MBEDTLS_SSL_VERIFY_OPTIONAL   1

Definition at line 297 of file ssl.h.

◆ MBEDTLS_SSL_VERIFY_REQUIRED

#define MBEDTLS_SSL_VERIFY_REQUIRED   2

Definition at line 298 of file ssl.h.

◆ MBEDTLS_SSL_VERIFY_UNSET

#define MBEDTLS_SSL_VERIFY_UNSET   3 /* Used only for sni_authmode */

Definition at line 299 of file ssl.h.

◆ MBEDTLS_TLS1_3_MD_MAX_SIZE

#define MBEDTLS_TLS1_3_MD_MAX_SIZE   PSA_HASH_MAX_SIZE

Definition at line 690 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256

#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256   0x0403

Definition at line 489 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384

#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384   0x0503

Definition at line 490 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512

#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512   0x0603

Definition at line 491 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_ECDSA_SHA1

#define MBEDTLS_TLS1_3_SIG_ECDSA_SHA1   0x0203

Definition at line 509 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_ED25519

#define MBEDTLS_TLS1_3_SIG_ED25519   0x0807

Definition at line 499 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_ED448

#define MBEDTLS_TLS1_3_SIG_ED448   0x0808

Definition at line 500 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_NONE

#define MBEDTLS_TLS1_3_SIG_NONE   0x0

Definition at line 511 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1

#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1   0x0201

Definition at line 508 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256

#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256   0x0401

Definition at line 484 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384

#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384   0x0501

Definition at line 485 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512

#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512   0x0601

Definition at line 486 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256

#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256   0x0809

Definition at line 503 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384

#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384   0x080A

Definition at line 504 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512

#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512   0x080B

Definition at line 505 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256

#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256   0x0804

Definition at line 494 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384

#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384   0x0805

Definition at line 495 of file ssl.h.

◆ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512

#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512   0x0806

Definition at line 496 of file ssl.h.

◆ MBEDTLS_TLS_EXT_ALPN

#define MBEDTLS_TLS_EXT_ALPN   16

Definition at line 598 of file ssl.h.

◆ MBEDTLS_TLS_EXT_CERT_AUTH

#define MBEDTLS_TLS_EXT_CERT_AUTH   47 /* RFC 8446 TLS 1.3 */

Definition at line 617 of file ssl.h.

◆ MBEDTLS_TLS_EXT_CID

#define MBEDTLS_TLS_EXT_CID   54 /* RFC 9146 DTLS 1.2 CID */

Definition at line 624 of file ssl.h.

◆ MBEDTLS_TLS_EXT_CLI_CERT_TYPE

#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE   19 /* RFC 7250 TLS 1.2 and 1.3 */

Definition at line 601 of file ssl.h.

◆ MBEDTLS_TLS_EXT_COOKIE

#define MBEDTLS_TLS_EXT_COOKIE   44 /* RFC 8446 TLS 1.3 */

Definition at line 614 of file ssl.h.

◆ MBEDTLS_TLS_EXT_EARLY_DATA

#define MBEDTLS_TLS_EXT_EARLY_DATA   42 /* RFC 8446 TLS 1.3 */

Definition at line 612 of file ssl.h.

◆ MBEDTLS_TLS_EXT_ECJPAKE_KKPP

#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP   256 /* experimental */

Definition at line 629 of file ssl.h.

◆ MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC

#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC   22 /* 0x16 */

Definition at line 604 of file ssl.h.

◆ MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET

#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET   0x0017 /* 23 */

Definition at line 605 of file ssl.h.

◆ MBEDTLS_TLS_EXT_HEARTBEAT

#define MBEDTLS_TLS_EXT_HEARTBEAT   15 /* RFC 6520 TLS 1.2 and 1.3 */

Definition at line 597 of file ssl.h.

◆ MBEDTLS_TLS_EXT_KEY_SHARE

#define MBEDTLS_TLS_EXT_KEY_SHARE   51 /* RFC 8446 TLS 1.3 */

Definition at line 621 of file ssl.h.

◆ MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH

#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH   1

Definition at line 586 of file ssl.h.

◆ MBEDTLS_TLS_EXT_OID_FILTERS

#define MBEDTLS_TLS_EXT_OID_FILTERS   48 /* RFC 8446 TLS 1.3 */

Definition at line 618 of file ssl.h.

◆ MBEDTLS_TLS_EXT_PADDING

#define MBEDTLS_TLS_EXT_PADDING   21 /* RFC 7685 TLS 1.2 and 1.3 */

Definition at line 603 of file ssl.h.

◆ MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH

#define MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH   49 /* RFC 8446 TLS 1.3 */

Definition at line 619 of file ssl.h.

◆ MBEDTLS_TLS_EXT_PRE_SHARED_KEY

#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY   41 /* RFC 8446 TLS 1.3 */

Definition at line 611 of file ssl.h.

◆ MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES

#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES   45 /* RFC 8446 TLS 1.3 */

Definition at line 615 of file ssl.h.

◆ MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT

#define MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT   28 /* RFC 8449 (implemented for TLS 1.3 only) */

Definition at line 607 of file ssl.h.

◆ MBEDTLS_TLS_EXT_RENEGOTIATION_INFO

#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO   0xFF01

Definition at line 631 of file ssl.h.

◆ MBEDTLS_TLS_EXT_SCT

#define MBEDTLS_TLS_EXT_SCT   18 /* RFC 6962 TLS 1.2 and 1.3 */

Definition at line 600 of file ssl.h.

◆ MBEDTLS_TLS_EXT_SERV_CERT_TYPE

#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE   20 /* RFC 7250 TLS 1.2 and 1.3 */

Definition at line 602 of file ssl.h.

◆ MBEDTLS_TLS_EXT_SERVERNAME

#define MBEDTLS_TLS_EXT_SERVERNAME   0

Definition at line 583 of file ssl.h.

◆ MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME

#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME   0

Definition at line 584 of file ssl.h.

◆ MBEDTLS_TLS_EXT_SESSION_TICKET

#define MBEDTLS_TLS_EXT_SESSION_TICKET   35

Definition at line 609 of file ssl.h.

◆ MBEDTLS_TLS_EXT_SIG_ALG

#define MBEDTLS_TLS_EXT_SIG_ALG   13 /* RFC 8446 TLS 1.3 */

Definition at line 595 of file ssl.h.

◆ MBEDTLS_TLS_EXT_SIG_ALG_CERT

#define MBEDTLS_TLS_EXT_SIG_ALG_CERT   50 /* RFC 8446 TLS 1.3 */

Definition at line 620 of file ssl.h.

◆ MBEDTLS_TLS_EXT_STATUS_REQUEST

#define MBEDTLS_TLS_EXT_STATUS_REQUEST   5 /* RFC 6066 TLS 1.2 and 1.3 */

Definition at line 589 of file ssl.h.

◆ MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES

#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES   10

Definition at line 591 of file ssl.h.

◆ MBEDTLS_TLS_EXT_SUPPORTED_GROUPS

#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS   10 /* RFC 8422,7919 TLS 1.2 and 1.3 */

Definition at line 592 of file ssl.h.

◆ MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS

#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS   11

Definition at line 593 of file ssl.h.

◆ MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS

#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS   43 /* RFC 8446 TLS 1.3 */

Definition at line 613 of file ssl.h.

◆ MBEDTLS_TLS_EXT_TRUNCATED_HMAC

#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC   4

Definition at line 588 of file ssl.h.

◆ MBEDTLS_TLS_EXT_USE_SRTP

#define MBEDTLS_TLS_EXT_USE_SRTP   14

Definition at line 596 of file ssl.h.

Typedef Documentation

◆ mbedtls_ssl_cache_get_t

typedef int mbedtls_ssl_cache_get_t(void *data, unsigned char const *session_id, size_t session_id_len, mbedtls_ssl_session *session)

Callback type: server-side session cache getter.

           The session cache is logically a key value store, with
           keys being session IDs and values being instances of
           mbedtls_ssl_session.

           This callback retrieves an entry in this key-value store.
Parameters
dataThe address of the session cache structure to query.
session_idThe buffer holding the session ID to query.
session_id_lenThe length of session_id in Bytes.
sessionThe address of the session structure to populate. It is initialized with mbdtls_ssl_session_init(), and the callback must always leave it in a state where it can safely be freed via mbedtls_ssl_session_free() independent of the return code of this function.
Returns
0 on success
A non-zero return value on failure.

Definition at line 914 of file ssl.h.

◆ mbedtls_ssl_cache_set_t

typedef int mbedtls_ssl_cache_set_t(void *data, unsigned char const *session_id, size_t session_id_len, const mbedtls_ssl_session *session)

Callback type: server-side session cache setter.

           The session cache is logically a key value store, with
           keys being session IDs and values being instances of
           mbedtls_ssl_session.

           This callback sets an entry in this key-value store.
Parameters
dataThe address of the session cache structure to modify.
session_idThe buffer holding the session ID to query.
session_id_lenThe length of session_id in Bytes.
sessionThe address of the session to be stored in the session cache.
Returns
0 on success
A non-zero return value on failure.

Definition at line 936 of file ssl.h.

◆ mbedtls_ssl_config

typedef struct mbedtls_ssl_config mbedtls_ssl_config

Definition at line 865 of file ssl.h.

◆ mbedtls_ssl_context

typedef struct mbedtls_ssl_context mbedtls_ssl_context

Definition at line 864 of file ssl.h.

◆ mbedtls_ssl_cookie_check_t

typedef int mbedtls_ssl_cookie_check_t(void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen)

Callback type: verify a cookie.

Parameters
ctxContext for the callback
cookieCookie to verify
clenLength of cookie
infoClient ID info that was passed to mbedtls_ssl_set_client_transport_id()
ilenLength of info in bytes
Returns
The callback must return 0 if cookie is valid, or a negative error code.

Definition at line 2993 of file ssl.h.

◆ mbedtls_ssl_cookie_write_t

typedef int mbedtls_ssl_cookie_write_t(void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen)

Callback type: generate a cookie.

Parameters
ctxContext for the callback
pBuffer to write to, must be updated to point right after the cookie
endPointer to one past the end of the output buffer
infoClient ID info that was passed to mbedtls_ssl_set_client_transport_id()
ilenLength of info in bytes
Returns
The callback must return 0 on success, or a negative error code.

Definition at line 2976 of file ssl.h.

◆ mbedtls_ssl_export_keys_t

typedef void mbedtls_ssl_export_keys_t(void *p_expkey, mbedtls_ssl_key_export_type type, const unsigned char *secret, size_t secret_len, const unsigned char client_random[32], const unsigned char server_random[32], mbedtls_tls_prf_types tls_prf_type)

Callback type: Export key alongside random values for session identification, and PRF for implementation of TLS key exporters.

Parameters
p_expkeyContext for the callback.
typeThe type of the key that is being exported.
secretThe address of the buffer holding the secret that's being exporterd.
secret_lenThe length of secret in bytes.
client_randomThe client random bytes.
server_randomThe server random bytes.
tls_prf_typeThe identifier for the PRF used in the handshake to which the key belongs.

Definition at line 1370 of file ssl.h.

◆ mbedtls_ssl_flight_item

Definition at line 875 of file ssl.h.

◆ mbedtls_ssl_get_timer_t

typedef int mbedtls_ssl_get_timer_t(void *ctx)

Callback type: get status of timers/delays.

Parameters
ctxContext pointer
Returns
This callback must return: -1 if cancelled (fin_ms == 0), 0 if none of the delays have passed, 1 if only the intermediate delay has passed, 2 if the final delay has passed.

Definition at line 860 of file ssl.h.

◆ mbedtls_ssl_handshake_params

Definition at line 869 of file ssl.h.

◆ mbedtls_ssl_hs_cb_t

typedef int(* mbedtls_ssl_hs_cb_t) (mbedtls_ssl_context *ssl)

Callback type: generic handshake callback.

Note
Callbacks may use user_data funcs to set/get app user data. See mbedtls_ssl_get_user_data_p() mbedtls_ssl_get_user_data_n() mbedtls_ssl_conf_get_user_data_p() mbedtls_ssl_conf_get_user_data_n()
Parameters
sslmbedtls_ssl_context on which the callback is run
Returns
The return value of the callback is 0 if successful, or a specific MBEDTLS_ERR_XXX code, which will cause the handshake to be aborted.

Definition at line 1394 of file ssl.h.

◆ mbedtls_ssl_key_cert

Definition at line 872 of file ssl.h.

◆ mbedtls_ssl_recv_t

typedef int mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len)

Callback type: receive data from the network.

Note
That callback may be either blocking or non-blocking.
Parameters
ctxContext for the receive callback (typically a file descriptor)
bufBuffer to write the received data to
lenLength of the receive buffer
Returns
If data has been received, the positive number of bytes received.
0 if the connection has been closed.
If performing non-blocking I/O, MBEDTLS_ERR_SSL_WANT_READ must be returned when the operation would block.
Another negative error code on other kinds of failures.
Note
The callback may receive fewer bytes than the length of the buffer. It must always return the number of bytes actually received and written to the buffer.

Definition at line 793 of file ssl.h.

◆ mbedtls_ssl_recv_timeout_t

typedef int mbedtls_ssl_recv_timeout_t(void *ctx, unsigned char *buf, size_t len, uint32_t timeout)

Callback type: receive data from the network, with timeout.

Note
That callback must block until data is received, or the timeout delay expires, or the operation is interrupted by a signal.
Parameters
ctxContext for the receive callback (typically a file descriptor)
bufBuffer to write the received data to
lenLength of the receive buffer
timeoutMaximum number of milliseconds to wait for data 0 means no timeout (potentially waiting forever)
Returns
The callback must return the number of bytes received, or a non-zero error code: MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
Note
The callback may receive fewer bytes than the length of the buffer. It must always return the number of bytes actually received and written to the buffer.

Definition at line 819 of file ssl.h.

◆ mbedtls_ssl_send_t

typedef int mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len)

Callback type: send data on the network.

Note
That callback may be either blocking or non-blocking.
Parameters
ctxContext for the send callback (typically a file descriptor)
bufBuffer holding the data to send
lenLength of the data to send
Returns
The callback must return the number of bytes sent if any, or a non-zero error code. If performing non-blocking I/O, MBEDTLS_ERR_SSL_WANT_WRITE must be returned when the operation would block.
Note
The callback is allowed to send fewer bytes than requested. It must always return the number of bytes actually sent.

Definition at line 769 of file ssl.h.

◆ mbedtls_ssl_session

typedef struct mbedtls_ssl_session mbedtls_ssl_session

Definition at line 863 of file ssl.h.

◆ mbedtls_ssl_set_timer_t

typedef void mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms)

Callback type: set a pair of timers/delays to watch.

Parameters
ctxContext pointer
int_msIntermediate delay in milliseconds
fin_msFinal delay in milliseconds 0 cancels the current timer.
Note
This callback must at least store the necessary information for the associated mbedtls_ssl_get_timer_t callback to return correct information.
If using an event-driven style of programming, an event must be generated when the final delay is passed. The event must cause a call to mbedtls_ssl_handshake() with the proper SSL context to be scheduled. Care must be taken to ensure that at most one such call happens at a time.
Only one timer at a time must be running. Calling this function while a timer is running must cancel it. Cancelled timers must not generate any event.

Definition at line 845 of file ssl.h.

◆ mbedtls_ssl_sig_hash_set_t

Definition at line 870 of file ssl.h.

◆ mbedtls_ssl_ticket_parse_t

typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)

Callback type: parse and load session ticket.

Note
This describes what a callback implementation should do. This callback should parse a session ticket as generated by the corresponding mbedtls_ssl_ticket_write_t function, and, if the ticket is authentic and valid, load the session.
The implementation is allowed to modify the first len bytes of the input buffer, eg to use it as a temporary area for the decrypted ticket contents.
Parameters
p_ticketContext for the callback
sessionSSL session to be loaded
bufStart of the buffer containing the ticket
lenLength of the ticket.
Returns
0 if successful, or MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or any other non-zero code for other failures.

Definition at line 2644 of file ssl.h.

◆ mbedtls_ssl_ticket_write_t

typedef int mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)

Callback type: generate and write session ticket.

Note
This describes what a callback implementation should do. This callback should generate an encrypted and authenticated ticket for the session and write it to the output buffer. Here, ticket means the opaque ticket part of the NewSessionTicket structure of RFC 5077.
Parameters
p_ticketContext for the callback
sessionSSL session to be written in the ticket
startStart of the output buffer
endEnd of the output buffer
tlenOn exit, holds the length written
lifetimeOn exit, holds the lifetime of the ticket in seconds
Returns
0 if successful, or a specific MBEDTLS_ERR_XXX code.

Definition at line 2614 of file ssl.h.

◆ mbedtls_ssl_transform

Definition at line 868 of file ssl.h.

Enumeration Type Documentation

◆ mbedtls_ssl_key_export_type

Enumerator
MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET 
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET 
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET 
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET 
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET 
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET 
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET 

Definition at line 1343 of file ssl.h.

◆ mbedtls_ssl_protocol_version

Human-friendly representation of the (D)TLS protocol version.

Enumerator
MBEDTLS_SSL_VERSION_UNKNOWN 

Context not in use or version not yet negotiated.

MBEDTLS_SSL_VERSION_TLS1_2 

(D)TLS 1.2

MBEDTLS_SSL_VERSION_TLS1_3 

(D)TLS 1.3

Definition at line 1214 of file ssl.h.

◆ mbedtls_ssl_states

Enumerator
MBEDTLS_SSL_HELLO_REQUEST 
MBEDTLS_SSL_CLIENT_HELLO 
MBEDTLS_SSL_SERVER_HELLO 
MBEDTLS_SSL_SERVER_CERTIFICATE 
MBEDTLS_SSL_SERVER_KEY_EXCHANGE 
MBEDTLS_SSL_CERTIFICATE_REQUEST 
MBEDTLS_SSL_SERVER_HELLO_DONE 
MBEDTLS_SSL_CLIENT_CERTIFICATE 
MBEDTLS_SSL_CLIENT_KEY_EXCHANGE 
MBEDTLS_SSL_CERTIFICATE_VERIFY 
MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC 
MBEDTLS_SSL_CLIENT_FINISHED 
MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC 
MBEDTLS_SSL_SERVER_FINISHED 
MBEDTLS_SSL_FLUSH_BUFFERS 
MBEDTLS_SSL_HANDSHAKE_WRAPUP 
MBEDTLS_SSL_NEW_SESSION_TICKET 
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT 
MBEDTLS_SSL_HELLO_RETRY_REQUEST 
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS 
MBEDTLS_SSL_END_OF_EARLY_DATA 
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY 
MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED 
MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO 
MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO 
MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO 
MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST 
MBEDTLS_SSL_HANDSHAKE_OVER 
MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET 
MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH 

Definition at line 703 of file ssl.h.

◆ mbedtls_tls_prf_types

Enumerator
MBEDTLS_SSL_TLS_PRF_NONE 
MBEDTLS_SSL_TLS_PRF_SHA384 
MBEDTLS_SSL_TLS_PRF_SHA256 
MBEDTLS_SSL_HKDF_EXPAND_SHA384 
MBEDTLS_SSL_HKDF_EXPAND_SHA256 

Definition at line 1334 of file ssl.h.

Function Documentation

◆ mbedtls_ssl_check_pending()

int mbedtls_ssl_check_pending ( const mbedtls_ssl_context * ssl)

Check if there is data already read from the underlying transport but not yet processed.

Parameters
sslSSL context
Returns
0 if nothing's pending, 1 otherwise.
Note
This is different in purpose and behaviour from mbedtls_ssl_get_bytes_avail in that it considers any kind of unprocessed data, not only unread application data. If mbedtls_ssl_get_bytes returns a non-zero value, this function will also signal pending data, but the converse does not hold. For example, in DTLS there might be further records waiting to be processed from the current underlying transport's datagram.
If this function returns 1 (data pending), this does not imply that a subsequent call to mbedtls_ssl_read will provide any data; e.g., the unprocessed data might turn out to be an alert or a handshake message.
This function is useful in the following situation: If the SSL/TLS module successfully returns from an operation - e.g. a handshake or an application record read - and you're awaiting incoming data next, you must not immediately idle on the underlying transport to have data ready, but you need to check the value of this function first. The reason is that the desired data might already be read but not yet processed. If, in contrast, a previous call to the SSL/TLS module returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary to call this function, as the latter error code entails that all internal data has been processed.

◆ mbedtls_ssl_check_record()

int mbedtls_ssl_check_record ( mbedtls_ssl_context const * ssl,
unsigned char * buf,
size_t buflen )

Check whether a buffer contains a valid and authentic record that has not been seen before. (DTLS only).

This function does not change the user-visible state of the SSL context. Its sole purpose is to provide an indication of the legitimacy of an incoming record.

This can be useful e.g. in distributed server environments using the DTLS Connection ID feature, in which connections might need to be passed between service instances on a change of peer address, but where such disruptive operations should only happen after the validity of incoming records has been confirmed.

Parameters
sslThe SSL context to use.
bufThe address of the buffer holding the record to be checked. This must be a read/write buffer of length buflen Bytes.
buflenThe length of buf in Bytes.
Note
This routine only checks whether the provided buffer begins with a valid and authentic record that has not been seen before, but does not check potential data following the initial record. In particular, it is possible to pass DTLS datagrams containing multiple records, in which case only the first record is checked.
This function modifies the input buffer buf. If you need to preserve the original record, you have to maintain a copy.
Returns
0 if the record is valid and authentic and has not been seen before.
MBEDTLS_ERR_SSL_INVALID_MAC if the check completed successfully but the record was found to be not authentic.
MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed successfully but the record was found to be invalid for a reason different from authenticity checking.
MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed successfully but the record was found to be unexpected in the state of the SSL context, including replayed records.
Another negative error code on different kinds of failure. In this case, the SSL context becomes unusable and needs to be freed or reset before reuse.

◆ mbedtls_ssl_close_notify()

int mbedtls_ssl_close_notify ( mbedtls_ssl_context * ssl)

Notify the peer that the connection is being closed.

Parameters
sslSSL context
Returns
0 if successful, or a specific SSL error code.
Note
If this function returns something other than 0 or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed.

◆ mbedtls_ssl_conf_alpn_protocols()

int mbedtls_ssl_conf_alpn_protocols ( mbedtls_ssl_config * conf,
const char ** protos )

Set the supported Application Layer Protocols.

Parameters
confSSL configuration
protosPointer to a NULL-terminated list of supported protocols, in decreasing preference order. The pointer to the list is recorded by the library for later reference as required, so the lifetime of the table must be at least as long as the lifetime of the SSL configuration structure.
Returns
0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.

◆ mbedtls_ssl_conf_authmode()

void mbedtls_ssl_conf_authmode ( mbedtls_ssl_config * conf,
int authmode )

Set the certificate verification mode Default: NONE on server, REQUIRED on client.

Parameters
confSSL configuration
authmodecan be:

MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked (default on server) (insecure on client)

MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed; mbedtls_ssl_get_verify_result() can be called after the handshake is complete.

MBEDTLS_SSL_VERIFY_REQUIRED: peer must present a valid certificate, handshake is aborted if verification failed. (default on client)

Note
On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode. With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at the right time(s), which may not be obvious, while REQUIRED always perform the verification as soon as possible. For example, REQUIRED was protecting against the "triple handshake" attack even before it was found.

◆ mbedtls_ssl_conf_ca_chain()

void mbedtls_ssl_conf_ca_chain ( mbedtls_ssl_config * conf,
mbedtls_x509_crt * ca_chain,
mbedtls_x509_crl * ca_crl )

Set the data required to verify peer certificate.

Note
See mbedtls_x509_crt_verify() for notes regarding the parameters ca_chain (maps to trust_ca for that function) and ca_crl.
Parameters
confSSL configuration
ca_chaintrusted CA chain (meaning all fully trusted top-level CAs)
ca_crltrusted CA CRLs

◆ mbedtls_ssl_conf_cert_cb()

static void mbedtls_ssl_conf_cert_cb ( mbedtls_ssl_config * conf,
mbedtls_ssl_hs_cb_t f_cert_cb )
inlinestatic

Set the certificate selection callback (server-side only).

            If set, the callback is always called for each handshake,
            after `ClientHello` processing has finished.
Parameters
confThe SSL configuration to register the callback with.
f_cert_cbThe callback for selecting server certificate after ClientHello processing has finished.

Definition at line 2588 of file ssl.h.

◆ mbedtls_ssl_conf_cert_profile()

void mbedtls_ssl_conf_cert_profile ( mbedtls_ssl_config * conf,
const mbedtls_x509_crt_profile * profile )

Set the X.509 security profile used for verification.

Note
The restrictions are enforced for all certificates in the chain. However, signatures in the handshake are not covered by this setting but by mbedtls_ssl_conf_sig_hashes().
Parameters
confSSL configuration
profileProfile to use

◆ mbedtls_ssl_conf_cert_req_ca_list()

void mbedtls_ssl_conf_cert_req_ca_list ( mbedtls_ssl_config * conf,
char cert_req_ca_list )

Whether to send a list of acceptable CAs in CertificateRequest messages. (Default: do send)

Parameters
confSSL configuration
cert_req_ca_listMBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED

◆ mbedtls_ssl_conf_cid()

int mbedtls_ssl_conf_cid ( mbedtls_ssl_config * conf,
size_t len,
int ignore_other_cids )

Specify the length of Connection IDs for incoming encrypted DTLS records, as well as the behaviour on unexpected CIDs.

By default, the CID length is set to 0, and unexpected CIDs are silently ignored.

Parameters
confThe SSL configuration to modify.
lenThe length in Bytes of the CID fields in encrypted DTLS records using the CID mechanism. This must not be larger than MBEDTLS_SSL_CID_OUT_LEN_MAX.
ignore_other_cidsThis determines the stack's behaviour when receiving a record with an unexpected CID. Possible values are:
Note
The CID specification allows implementations to either use a common length for all incoming connection IDs or allow variable-length incoming IDs. Mbed TLS currently requires a common length for all connections sharing the same SSL configuration; this allows simpler parsing of record headers.
Returns
0 on success.
MBEDTLS_ERR_SSL_BAD_INPUT_DATA if len is too large.

◆ mbedtls_ssl_conf_ciphersuites()

void mbedtls_ssl_conf_ciphersuites ( mbedtls_ssl_config * conf,
const int * ciphersuites )

Set the list of allowed ciphersuites and the preference order. First in the list has the highest preference.

For TLS 1.2, the notion of ciphersuite determines both the key exchange mechanism and the suite of symmetric algorithms to be used during and after the handshake.

For TLS 1.3 (in development), the notion of ciphersuite only determines the suite of symmetric algorithms to be used during and after the handshake, while key exchange mechanisms are configured separately.

In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3 are configured via this function. For users of TLS 1.3, there will be separate API for the configuration of key exchange mechanisms.

The list of ciphersuites passed to this function may contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite identifiers. This is useful if negotiation of TLS 1.3 should be attempted, but a fallback to TLS 1.2 would be tolerated.

Note
By default, the server chooses its preferred ciphersuite among those that the client supports. If mbedtls_ssl_conf_preference_order() is called to prefer the client's preferences, the server instead chooses the client's preferred ciphersuite among those that the server supports.
Warning
The ciphersuites array ciphersuites is not copied. It must remain valid for the lifetime of the SSL configuration conf.
Parameters
confThe SSL configuration to modify.
ciphersuitesA 0-terminated list of IANA identifiers of supported ciphersuites, accessible through MBEDTLS_TLS_XXX and MBEDTLS_TLS1_3_XXX macros defined in ssl_ciphersuites.h.

◆ mbedtls_ssl_conf_curves()

void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves ( mbedtls_ssl_config * conf,
const mbedtls_ecp_group_id * curves )

Set the allowed curves in order of preference.

           On server: this only affects selection of the ECDHE curve;
           the curves used for ECDH and ECDSA are determined by the
           list of available certificates instead.

           On client: this affects the list of curves offered for any
           use. The server can override our preference order.

           Both sides: limits the set of curves accepted for use in
           ECDHE and in the peer's end-entity certificate.
Deprecated
Superseded by mbedtls_ssl_conf_groups().
Note
This has no influence on which curves are allowed inside the certificate chains, see mbedtls_ssl_conf_cert_profile() for that. For the end-entity certificate however, the key will be accepted only if it is allowed both by this list and by the cert profile.
This list should be ordered by decreasing preference (preferred curve first).
The default list is the same set of curves that mbedtls_x509_crt_profile_default allows, plus ECDHE-only curves selected according to the same criteria. The order favors curves with the lowest resource usage.
New minor versions of Mbed TLS may extend this list, for example if new curves are added to the library. New minor versions of Mbed TLS will not remove items from this list unless serious security concerns require it. New minor versions of Mbed TLS may change the order in keeping with the general principle of favoring the lowest resource usage.
Parameters
confSSL configuration
curvesOrdered list of allowed curves, terminated by MBEDTLS_ECP_DP_NONE.

◆ mbedtls_ssl_conf_dbg()

void mbedtls_ssl_conf_dbg ( mbedtls_ssl_config * conf,
void(* f_dbg )(void *, int, const char *, int, const char *),
void * p_dbg )

Set the debug callback.

           The callback has the following argument:
           void *           opaque context for the callback
           int              debug level
           const char *     file name
           int              line number
           const char *     message
Parameters
confSSL configuration
f_dbgdebug function
p_dbgdebug parameter

◆ mbedtls_ssl_conf_dh_param_bin()

int mbedtls_ssl_conf_dh_param_bin ( mbedtls_ssl_config * conf,
const unsigned char * dhm_P,
size_t P_len,
const unsigned char * dhm_G,
size_t G_len )

Set the Diffie-Hellman public P and G values from big-endian binary presentations. (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)

Parameters
confSSL configuration
dhm_PDiffie-Hellman-Merkle modulus in big-endian binary form
P_lenLength of DHM modulus
dhm_GDiffie-Hellman-Merkle generator in big-endian binary form
G_lenLength of DHM generator
Returns
0 if successful

◆ mbedtls_ssl_conf_dh_param_ctx()

int mbedtls_ssl_conf_dh_param_ctx ( mbedtls_ssl_config * conf,
mbedtls_dhm_context * dhm_ctx )

Set the Diffie-Hellman public P and G values, read from existing context (server-side only)

Parameters
confSSL configuration
dhm_ctxDiffie-Hellman-Merkle context
Returns
0 if successful

◆ mbedtls_ssl_conf_dhm_min_bitlen()

void mbedtls_ssl_conf_dhm_min_bitlen ( mbedtls_ssl_config * conf,
unsigned int bitlen )

Set the minimum length for Diffie-Hellman parameters. (Client-side only.) (Default: 1024 bits.)

Parameters
confSSL configuration
bitlenMinimum bit length of the DHM prime

◆ mbedtls_ssl_conf_dn_hints()

static void mbedtls_ssl_conf_dn_hints ( mbedtls_ssl_config * conf,
const mbedtls_x509_crt * crt )
inlinestatic

Set DN hints sent to client in CertificateRequest message.

Note
If not set, subject distinguished names (DNs) are taken from mbedtls_ssl_conf_ca_chain() or mbedtls_ssl_set_hs_ca_chain())
Parameters
confSSL configuration
crtcrt chain whose subject DNs are issuer DNs of client certs from which the client should select client peer certificate.

Definition at line 3507 of file ssl.h.

◆ mbedtls_ssl_conf_dtls_anti_replay()

void mbedtls_ssl_conf_dtls_anti_replay ( mbedtls_ssl_config * conf,
char mode )

Enable or disable anti-replay protection for DTLS. (DTLS only, no effect on TLS.) Default: enabled.

Parameters
confSSL configuration
modeMBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
Warning
Disabling this is a security risk unless the application protocol handles duplicated packets in a safe way. You should not disable this without careful consideration. However, if your application already detects duplicated packets and needs information about them to adjust its transmission strategy, then you'll want to disable this.

◆ mbedtls_ssl_conf_dtls_badmac_limit()

void mbedtls_ssl_conf_dtls_badmac_limit ( mbedtls_ssl_config * conf,
unsigned limit )

Set a limit on the number of records with a bad MAC before terminating the connection. (DTLS only, no effect on TLS.) Default: 0 (disabled).

Parameters
confSSL configuration
limitLimit, or 0 to disable.
Note
If the limit is N, then the connection is terminated when the Nth non-authentic record is seen.
Records with an invalid header are not counted, only the ones going through the authentication-decryption phase.
This is a security trade-off related to the fact that it's often relatively easy for an active attacker to inject UDP datagrams. On one hand, setting a low limit here makes it easier for such an attacker to forcibly terminated a connection. On the other hand, a high limit or no limit might make us waste resources checking authentication on many bogus packets.

◆ mbedtls_ssl_conf_dtls_cookies()

void mbedtls_ssl_conf_dtls_cookies ( mbedtls_ssl_config * conf,
mbedtls_ssl_cookie_write_t * f_cookie_write,
mbedtls_ssl_cookie_check_t * f_cookie_check,
void * p_cookie )

Register callbacks for DTLS cookies (Server only. DTLS only.)

Default: dummy callbacks that fail, in order to force you to register working callbacks (and initialize their context).

To disable HelloVerifyRequest, register NULL callbacks.

Warning
Disabling hello verification allows your server to be used for amplification in DoS attacks against other hosts. Only disable if you known this can't happen in your particular environment.
Note
See comments on mbedtls_ssl_handshake() about handling the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected on the first handshake attempt when this is enabled.
This is also necessary to handle client reconnection from the same port as described in RFC 6347 section 4.2.8 (only the variant with cookies is supported currently). See comments on mbedtls_ssl_read() for details.
Parameters
confSSL configuration
f_cookie_writeCookie write callback
f_cookie_checkCookie check callback
p_cookieContext for both callbacks

◆ mbedtls_ssl_conf_encrypt_then_mac()

void mbedtls_ssl_conf_encrypt_then_mac ( mbedtls_ssl_config * conf,
char etm )

Enable or disable Encrypt-then-MAC (Default: MBEDTLS_SSL_ETM_ENABLED)

Note
This should always be enabled, it is a security improvement, and should not cause any interoperability issue (used only if the peer supports it too).
Parameters
confSSL configuration
etmMBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED

◆ mbedtls_ssl_conf_endpoint()

void mbedtls_ssl_conf_endpoint ( mbedtls_ssl_config * conf,
int endpoint )

Set the current endpoint type.

Parameters
confSSL configuration
endpointmust be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER

◆ mbedtls_ssl_conf_extended_master_secret()

void mbedtls_ssl_conf_extended_master_secret ( mbedtls_ssl_config * conf,
char ems )

Enable or disable Extended Master Secret negotiation. (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)

Note
This should always be enabled, it is a security fix to the protocol, and should not cause any interoperability issue (used only if the peer supports it too).
Parameters
confSSL configuration
emsMBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED

◆ mbedtls_ssl_conf_get_endpoint()

static int mbedtls_ssl_conf_get_endpoint ( const mbedtls_ssl_config * conf)
inlinestatic

Get the current endpoint type.

Parameters
confSSL configuration
Returns
Endpoint type, either MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER

Definition at line 2036 of file ssl.h.

◆ mbedtls_ssl_conf_get_user_data_n()

static uintptr_t mbedtls_ssl_conf_get_user_data_n ( mbedtls_ssl_config * conf)
inlinestatic

Retrieve the user data in an SSL configuration as an integer.

This is the value last set with mbedtls_ssl_conf_set_user_data_n(), or 0 if mbedtls_ssl_conf_set_user_data_n() has not previously been called. The value is undefined if mbedtls_ssl_conf_set_user_data_p() has been called without a subsequent call to mbedtls_ssl_conf_set_user_data_n().

Parameters
confThe SSL configuration context to modify.
Returns
The current value of the user data.

Definition at line 2814 of file ssl.h.

◆ mbedtls_ssl_conf_get_user_data_p()

static void * mbedtls_ssl_conf_get_user_data_p ( mbedtls_ssl_config * conf)
inlinestatic

Retrieve the user data in an SSL configuration as a pointer.

This is the value last set with mbedtls_ssl_conf_set_user_data_p(), or NULL if mbedtls_ssl_conf_set_user_data_p() has not previously been called. The value is undefined if mbedtls_ssl_conf_set_user_data_n() has been called without a subsequent call to mbedtls_ssl_conf_set_user_data_p().

Parameters
confThe SSL configuration context to modify.
Returns
The current value of the user data.

Definition at line 2798 of file ssl.h.

◆ mbedtls_ssl_conf_groups()

void mbedtls_ssl_conf_groups ( mbedtls_ssl_config * conf,
const uint16_t * groups )

Set the allowed groups in order of preference.

           On server: This only affects the choice of key agreement mechanism

           On client: this affects the list of groups offered for any
           use. The server can override our preference order.

           Both sides: limits the set of groups accepted for use in
           key sharing.
Note
This function replaces the deprecated mbedtls_ssl_conf_curves(), which only allows ECP curves to be configured.
The most recent invocation of either mbedtls_ssl_conf_curves() or mbedtls_ssl_conf_groups() nullifies all previous invocations of both.
This list should be ordered by decreasing preference (preferred group first).
When this function is not called, a default list is used, consisting of all supported curves at 255 bits and above, and all supported finite fields at 2048 bits and above. The order favors groups with the lowest resource usage.
New minor versions of Mbed TLS will not remove items from the default list unless serious security concerns require it. New minor versions of Mbed TLS may change the order in keeping with the general principle of favoring the lowest resource usage.
Parameters
confSSL configuration
groupsList of allowed groups ordered by preference, terminated by 0. Must contain valid IANA NamedGroup IDs (provided via either an integer or using MBEDTLS_TLS1_3_NAMED_GROUP_XXX macros).

◆ mbedtls_ssl_conf_handshake_timeout()

void mbedtls_ssl_conf_handshake_timeout ( mbedtls_ssl_config * conf,
uint32_t min,
uint32_t max )

Set retransmit timeout values for the DTLS handshake. (DTLS only, no effect on TLS.)

Parameters
confSSL configuration
minInitial timeout value in milliseconds. Default: 1000 (1 second).
maxMaximum timeout value in milliseconds. Default: 60000 (60 seconds).
Note
Default values are from RFC 6347 section 4.2.4.1.
The 'min' value should typically be slightly above the expected round-trip time to your peer, plus whatever time it takes for the peer to process the message. For example, if your RTT is about 600ms and you peer needs up to 1s to do the cryptographic operations in the handshake, then you should set 'min' slightly above 1600. Lower values of 'min' might cause spurious resends which waste network resources, while larger value of 'min' will increase overall latency on unreliable network links.
The more unreliable your network connection is, the larger your max / min ratio needs to be in order to achieve reliable handshakes.
Messages are retransmitted up to log2(ceil(max/min)) times. For example, if min = 1s and max = 5s, the retransmit plan goes: send ... 1s -> resend ... 2s -> resend ... 4s -> resend ... 5s -> give up and return a timeout error.

◆ mbedtls_ssl_conf_legacy_renegotiation()

void mbedtls_ssl_conf_legacy_renegotiation ( mbedtls_ssl_config * conf,
int allow_legacy )

Prevent or allow legacy renegotiation. (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)

MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to be established even if the peer does not support secure renegotiation, but does not allow renegotiation to take place if not secure. (Interoperable and secure option)

MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations with non-upgraded peers. Allowing legacy renegotiation makes the connection vulnerable to specific man in the middle attacks. (See RFC 5746) (Most interoperable and least secure option)

MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections if peer does not support secure renegotiation. Results in interoperability issues with non-upgraded peers that do not support renegotiation altogether. (Most secure option, interoperability issues)

Parameters
confSSL configuration
allow_legacyPrevent or allow (SSL_NO_LEGACY_RENEGOTIATION, SSL_ALLOW_LEGACY_RENEGOTIATION or MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)

◆ mbedtls_ssl_conf_max_frag_len()

int mbedtls_ssl_conf_max_frag_len ( mbedtls_ssl_config * conf,
unsigned char mfl_code )

Set the maximum fragment length to emit and/or negotiate. (Typical: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes) (Server: set maximum fragment length to emit, usually negotiated by the client during handshake) (Client: set maximum fragment length to emit and negotiate with the server during handshake) (Default: MBEDTLS_SSL_MAX_FRAG_LEN_NONE)

Note
On the client side, the maximum fragment length extension will not be used, unless the maximum fragment length has been set via this function to a value different than MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
With TLS, this currently only affects ApplicationData (sent with mbedtls_ssl_read()), not handshake messages. With DTLS, this affects both ApplicationData and handshake.
This sets the maximum length for a record's payload, excluding record overhead that will be added to it, see mbedtls_ssl_get_record_expansion().
For DTLS, it is also possible to set a limit for the total size of datagrams passed to the transport layer, including record overhead, see mbedtls_ssl_set_mtu().
Parameters
confSSL configuration
mfl_codeCode for maximum fragment length (allowed values: MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024, MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
Returns
0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA

◆ mbedtls_ssl_conf_max_tls_version()

static void mbedtls_ssl_conf_max_tls_version ( mbedtls_ssl_config * conf,
mbedtls_ssl_protocol_version tls_version )
inlinestatic

Set the maximum supported version sent from the client side and/or accepted at the server side.

Note
After the handshake, you can call mbedtls_ssl_get_version_number() to see what version was negotiated.
Parameters
confSSL configuration
tls_versionTLS protocol version number (mbedtls_ssl_protocol_version) (MBEDTLS_SSL_VERSION_UNKNOWN is not valid)

Definition at line 4316 of file ssl.h.

◆ mbedtls_ssl_conf_max_version()

void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version ( mbedtls_ssl_config * conf,
int major,
int minor )

Set the maximum supported version sent from the client side and/or accepted at the server side.

See also the documentation of mbedtls_ssl_conf_min_version().

Note
This ignores ciphersuites from higher versions.
This function is deprecated and has been replaced by mbedtls_ssl_conf_max_tls_version().
Parameters
confSSL configuration
majorMajor version number (MBEDTLS_SSL_MAJOR_VERSION_3)
minorMinor version number (MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)

◆ mbedtls_ssl_conf_min_tls_version()

static void mbedtls_ssl_conf_min_tls_version ( mbedtls_ssl_config * conf,
mbedtls_ssl_protocol_version tls_version )
inlinestatic

Set the minimum supported version sent from the client side and/or accepted at the server side.

Note
After the handshake, you can call mbedtls_ssl_get_version_number() to see what version was negotiated.
Parameters
confSSL configuration
tls_versionTLS protocol version number (mbedtls_ssl_protocol_version) (MBEDTLS_SSL_VERSION_UNKNOWN is not valid)

Definition at line 4373 of file ssl.h.

◆ mbedtls_ssl_conf_min_version()

void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version ( mbedtls_ssl_config * conf,
int major,
int minor )

Set the minimum accepted SSL/TLS protocol version.

Note
By default, all supported versions are accepted. Future versions of the library may disable older protocol versions by default if they become deprecated.
The following versions are supported (if enabled at compile time):

Note that the numbers in the constant names are the TLS internal protocol numbers, and the minor versions differ by one from the human-readable versions!

Note
Input outside of the SSL_MAX_XXXXX_VERSION and SSL_MIN_XXXXX_VERSION range is ignored.
After the handshake, you can call mbedtls_ssl_get_version_number() to see what version was negotiated.
This function is deprecated and has been replaced by mbedtls_ssl_conf_min_tls_version().
Parameters
confSSL configuration
majorMajor version number (MBEDTLS_SSL_MAJOR_VERSION_3)
minorMinor version number (MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)

◆ mbedtls_ssl_conf_new_session_tickets()

void mbedtls_ssl_conf_new_session_tickets ( mbedtls_ssl_config * conf,
uint16_t num_tickets )

Number of NewSessionTicket messages for the server to send after handshake completion.

Note
The default value is MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS.
In case of a session resumption, this setting only partially apply. At most one ticket is sent in that case to just renew the pool of tickets of the client. The rationale is to avoid the number of tickets on the server to become rapidly out of control when the server has the same configuration for all its connection instances.
Parameters
confSSL configuration
num_ticketsNumber of NewSessionTicket.

◆ mbedtls_ssl_conf_own_cert()

int mbedtls_ssl_conf_own_cert ( mbedtls_ssl_config * conf,
mbedtls_x509_crt * own_cert,
mbedtls_pk_context * pk_key )

Set own certificate chain and private key.

Note
own_cert should contain in order from the bottom up your certificate chain. The top certificate (self-signed) can be omitted.
On server, this function can be called multiple times to provision more than one cert/key pair (eg one ECDSA, one RSA with SHA-256, one RSA with SHA-1). An adequate certificate will be selected according to the client's advertised capabilities. In case multiple certificates are adequate, preference is given to the one set by the first call to this function, then second, etc.
On client, only the first call has any effect. That is, only one client certificate can be provisioned. The server's preferences in its CertificateRequest message will be ignored and our only cert will be sent regardless of whether it matches those preferences - the server can then decide what it wants to do with it.
The provided pk_key needs to match the public key in the first certificate in own_cert, or all handshakes using that certificate will fail. It is your responsibility to ensure that; this function will not perform any check. You may use mbedtls_pk_check_pair() in order to perform this check yourself, but be aware that this function can be computationally expensive on some key types.
Parameters
confSSL configuration
own_certown public certificate chain
pk_keyown private key
Returns
0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED

◆ mbedtls_ssl_conf_preference_order()

void mbedtls_ssl_conf_preference_order ( mbedtls_ssl_config * conf,
int order )

Pick the ciphersuites order according to the second parameter in the SSL Server module (MBEDTLS_SSL_SRV_C). (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)

Parameters
confSSL configuration
orderServer or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)

◆ mbedtls_ssl_conf_psk()

int mbedtls_ssl_conf_psk ( mbedtls_ssl_config * conf,
const unsigned char * psk,
size_t psk_len,
const unsigned char * psk_identity,
size_t psk_identity_len )

Configure pre-shared keys (PSKs) and their identities to be used in PSK-based ciphersuites.

Only one PSK can be registered, through either mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque(). If you attempt to register more than one PSK, this function fails, though this may change in future versions, which may add support for multiple PSKs.

Note
This is mainly useful for clients. Servers will usually want to use mbedtls_ssl_conf_psk_cb() instead.
A PSK set by mbedtls_ssl_set_hs_psk() in the PSK callback takes precedence over a PSK configured by this function.
Parameters
confThe SSL configuration to register the PSK with.
pskThe pointer to the pre-shared key to use.
psk_lenThe length of the pre-shared key in bytes.
psk_identityThe pointer to the pre-shared key identity.
psk_identity_lenThe length of the pre-shared key identity in bytes.
Note
The PSK and its identity are copied internally and hence need not be preserved by the caller for the lifetime of the SSL configuration.
Returns
0 if successful.
MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs can be configured. In this case, the old PSK(s) remain intact.
Another negative error code on other kinds of failure.

◆ mbedtls_ssl_conf_psk_cb()

void mbedtls_ssl_conf_psk_cb ( mbedtls_ssl_config * conf,
int(* f_psk )(void *, mbedtls_ssl_context *, const unsigned char *, size_t),
void * p_psk )

Set the PSK callback (server-side only).

           If set, the PSK callback is called for each
           handshake where a PSK-based ciphersuite was negotiated.
           The caller provides the identity received and wants to
           receive the actual PSK data and length.

           The callback has the following parameters:
           - \c void*: The opaque pointer \p p_psk.
           - \c mbedtls_ssl_context*: The SSL context to which
                                      the operation applies.
           - \c const unsigned char*: The PSK identity
                                      selected by the client.
           - \c size_t: The length of the PSK identity
                        selected by the client.

           If a valid PSK identity is found, the callback should use
           \c mbedtls_ssl_set_hs_psk() or
           \c mbedtls_ssl_set_hs_psk_opaque()
           on the SSL context to set the correct PSK and return \c 0.
           Any other return value will result in a denied PSK identity.
Note
A dynamic PSK (i.e. set by the PSK callback) takes precedence over a static PSK (i.e. set by mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque()). This means that if you set a PSK callback using this function, you don't need to set a PSK using mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque()).
Parameters
confThe SSL configuration to register the callback with.
f_pskThe callback for selecting and setting the PSK based in the PSK identity chosen by the client.
p_pskA pointer to an opaque structure to be passed to the callback, for example a PSK store.

◆ mbedtls_ssl_conf_read_timeout()

void mbedtls_ssl_conf_read_timeout ( mbedtls_ssl_config * conf,
uint32_t timeout )

Set the timeout period for mbedtls_ssl_read() (Default: no timeout.)

Parameters
confSSL configuration context
timeoutTimeout value in milliseconds. Use 0 for no timeout (default).
Note
With blocking I/O, this will only work if a non-NULL f_recv_timeout was set with mbedtls_ssl_set_bio(). With non-blocking I/O, this will only work if timer callbacks were set with mbedtls_ssl_set_timer_cb().
With non-blocking I/O, you may also skip this function altogether and handle timeouts at the application layer.

◆ mbedtls_ssl_conf_renegotiation()

void mbedtls_ssl_conf_renegotiation ( mbedtls_ssl_config * conf,
int renegotiation )

Enable / Disable renegotiation support for connection when initiated by peer (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)

Warning
It is recommended to always disable renegotiation unless you know you need it and you know what you're doing. In the past, there have been several issues associated with renegotiation or a poor understanding of its properties.
Note
Server-side, enabling renegotiation also makes the server susceptible to a resource DoS by a malicious client.
Parameters
confSSL configuration
renegotiationEnable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or MBEDTLS_SSL_RENEGOTIATION_DISABLED)

◆ mbedtls_ssl_conf_renegotiation_enforced()

void mbedtls_ssl_conf_renegotiation_enforced ( mbedtls_ssl_config * conf,
int max_records )

Enforce renegotiation requests. (Default: enforced, max_records = 16)

When we request a renegotiation, the peer can comply or ignore the request. This function allows us to decide whether to enforce our renegotiation requests by closing the connection if the peer doesn't comply.

However, records could already be in transit from the peer when the request is emitted. In order to increase reliability, we can accept a number of records before the expected handshake records.

The optimal value is highly dependent on the specific usage scenario.

Note
With DTLS and server-initiated renegotiation, the HelloRequest is retransmitted every time mbedtls_ssl_read() times out or receives Application Data, until:
  • max_records records have beens seen, if it is >= 0, or
  • the number of retransmits that would happen during an actual handshake has been reached. Please remember the request might be lost a few times if you consider setting max_records to a really low value.
Warning
On client, the grace period can only happen during mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate() which always behave as if max_record was 0. The reason is, if we receive application data from the server, we need a place to write it, which only happens during mbedtls_ssl_read().
Parameters
confSSL configuration
max_recordsUse MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to enforce renegotiation, or a non-negative value to enforce it but allow for a grace period of max_records records.

◆ mbedtls_ssl_conf_renegotiation_period()

void mbedtls_ssl_conf_renegotiation_period ( mbedtls_ssl_config * conf,
const unsigned char period[8] )

Set record counter threshold for periodic renegotiation. (Default: 2^48 - 1)

Renegotiation is automatically triggered when a record counter (outgoing or incoming) crosses the defined threshold. The default value is meant to prevent the connection from being closed when the counter is about to reached its maximal value (it is not allowed to wrap).

Lower values can be used to enforce policies such as "keys must be refreshed every N packets with cipher X".

The renegotiation period can be disabled by setting conf->disable_renegotiation to MBEDTLS_SSL_RENEGOTIATION_DISABLED.

Note
When the configured transport is MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM, the maximum renegotiation period is 2^64 - 1.
Parameters
confSSL configuration
periodThe threshold value: a big-endian 64-bit number.

◆ mbedtls_ssl_conf_rng()

void mbedtls_ssl_conf_rng ( mbedtls_ssl_config * conf,
int(* f_rng )(void *, unsigned char *, size_t),
void * p_rng )

Set the random number generator callback.

Parameters
confSSL configuration
f_rngRNG function (mandatory)
p_rngRNG parameter

◆ mbedtls_ssl_conf_session_cache()

void mbedtls_ssl_conf_session_cache ( mbedtls_ssl_config * conf,
void * p_cache,
mbedtls_ssl_cache_get_t * f_get_cache,
mbedtls_ssl_cache_set_t * f_set_cache )

Set the session cache callbacks (server-side only) If not set, no session resuming is done (except if session tickets are enabled too).

The session cache has the responsibility to check for stale entries based on timeout. See RFC 5246 for recommendations.

Warning: session.peer_cert is cleared by the SSL/TLS layer on connection shutdown, so do not cache the pointer! Either set it to NULL or make a full copy of the certificate.

The get callback is called once during the initial handshake to enable session resuming. The get function has the following parameters: (void *parameter, mbedtls_ssl_session *session) If a valid entry is found, it should fill the master of the session object with the cached values and return 0, return 1 otherwise. Optionally peer_cert can be set as well if it is properly present in cache entry.

The set callback is called once during the initial handshake to enable session resuming after the entire handshake has been finished. The set function has the following parameters: (void *parameter, const mbedtls_ssl_session *session). The function should create a cache entry for future retrieval based on the data in the session structure and should keep in mind that the mbedtls_ssl_session object presented (and all its referenced data) is cleared by the SSL/TLS layer when the connection is terminated. It is recommended to add metadata to determine if an entry is still valid in the future. Return 0 if successfully cached, return 1 otherwise.

Parameters
confSSL configuration
p_cacheparameter (context) for both callbacks
f_get_cachesession get callback
f_set_cachesession set callback

◆ mbedtls_ssl_conf_session_tickets()

void mbedtls_ssl_conf_session_tickets ( mbedtls_ssl_config * conf,
int use_tickets )

Enable / Disable TLS 1.2 session tickets (client only, TLS 1.2 only). Enabled by default.

Note
On server, use mbedtls_ssl_conf_session_tickets_cb().
Parameters
confSSL configuration
use_ticketsEnable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or MBEDTLS_SSL_SESSION_TICKETS_DISABLED)

◆ mbedtls_ssl_conf_session_tickets_cb()

void mbedtls_ssl_conf_session_tickets_cb ( mbedtls_ssl_config * conf,
mbedtls_ssl_ticket_write_t * f_ticket_write,
mbedtls_ssl_ticket_parse_t * f_ticket_parse,
void * p_ticket )

Configure SSL session ticket callbacks (server only). (Default: none.)

Note
On server, session tickets are enabled by providing non-NULL callbacks.
On client, use mbedtls_ssl_conf_session_tickets().
Parameters
confSSL configuration context
f_ticket_writeCallback for writing a ticket
f_ticket_parseCallback for parsing a ticket
p_ticketContext shared by the two callbacks

◆ mbedtls_ssl_conf_set_user_data_n()

static void mbedtls_ssl_conf_set_user_data_n ( mbedtls_ssl_config * conf,
uintptr_t n )
inlinestatic

Set the user data in an SSL configuration to an integer.

You can retrieve this value later with mbedtls_ssl_conf_get_user_data_n().

Parameters
confThe SSL configuration context to modify.
nThe new value of the user data.

Definition at line 2781 of file ssl.h.

◆ mbedtls_ssl_conf_set_user_data_p()

static void mbedtls_ssl_conf_set_user_data_p ( mbedtls_ssl_config * conf,
void * p )
inlinestatic

Set the user data in an SSL configuration to a pointer.

You can retrieve this value later with mbedtls_ssl_conf_get_user_data_p().

Note
The library stores p without accessing it. It is the responsibility of the caller to ensure that the pointer remains valid.
Parameters
confThe SSL configuration context to modify.
pThe new value of the user data.

Definition at line 2767 of file ssl.h.

◆ mbedtls_ssl_conf_sig_algs()

void mbedtls_ssl_conf_sig_algs ( mbedtls_ssl_config * conf,
const uint16_t * sig_algs )

Configure allowed signature algorithms for use in TLS.

Parameters
confThe SSL configuration to use.
sig_algsList of allowed IANA values for TLS 1.3 signature algorithms, terminated by MBEDTLS_TLS1_3_SIG_NONE. The list must remain available throughout the lifetime of the conf object.
  • For TLS 1.3, values of MBEDTLS_TLS1_3_SIG_XXXX should be used.
  • For TLS 1.2, values should be given as "(HashAlgorithm << 8) | SignatureAlgorithm".

◆ mbedtls_ssl_conf_sig_hashes()

void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes ( mbedtls_ssl_config * conf,
const int * hashes )

Set the allowed hashes for signatures during the handshake.

Note
This only affects which hashes are offered and can be used for signatures during the handshake. Hashes for message authentication and the TLS PRF are controlled by the ciphersuite, see mbedtls_ssl_conf_ciphersuites(). Hashes used for certificate signature are controlled by the verification profile, see mbedtls_ssl_conf_cert_profile().
Deprecated
Superseded by mbedtls_ssl_conf_sig_algs().
Note
This list should be ordered by decreasing preference (preferred hash first).
By default, all supported hashes whose length is at least 256 bits are allowed. This is the same set as the default for certificate verification (mbedtls_x509_crt_profile_default). The preference order is currently unspecified and may change in future versions.
New minor versions of Mbed TLS may extend this list, for example if new curves are added to the library. New minor versions of Mbed TLS will not remove items from this list unless serious security concerns require it.
Parameters
confSSL configuration
hashesOrdered list of allowed signature hashes, terminated by MBEDTLS_MD_NONE.

◆ mbedtls_ssl_conf_sni()

void mbedtls_ssl_conf_sni ( mbedtls_ssl_config * conf,
int(* f_sni )(void *, mbedtls_ssl_context *, const unsigned char *, size_t),
void * p_sni )

Set server side ServerName TLS extension callback (optional, server-side only).

If set, the ServerName callback is called whenever the server receives a ServerName TLS extension from the client during a handshake. The ServerName callback has the following parameters: (void *parameter, mbedtls_ssl_context *ssl, const unsigned char *hostname, size_t len). If a suitable certificate is found, the callback must set the certificate(s) and key(s) to use with mbedtls_ssl_set_hs_own_cert() (can be called repeatedly), and may optionally adjust the CA and associated CRL with mbedtls_ssl_set_hs_ca_chain() as well as the client authentication mode with mbedtls_ssl_set_hs_authmode(), then must return 0. If no matching name is found, the callback may return non-zero to abort the handshake.

Parameters
confSSL configuration
f_sniverification function
p_sniverification parameter

◆ mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets()

void mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets ( mbedtls_ssl_config * conf,
int signal_new_session_tickets )

Enable / Disable handling of TLS 1.3 NewSessionTicket messages (client only, TLS 1.3 only).

The handling of TLS 1.3 NewSessionTicket messages is disabled by default.

In TLS 1.3, servers may send a NewSessionTicket message at any time, and may send multiple NewSessionTicket messages. By default, TLS 1.3 clients ignore NewSessionTicket messages.

To support session tickets in TLS 1.3 clients, call this function with MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED. When this is enabled, when a client receives a NewSessionTicket message, the next call to a message processing functions (notably mbedtls_ssl_handshake() and mbedtls_ssl_read()) will return MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET. The client should then call mbedtls_ssl_get_session() to retrieve the session ticket before calling the same message processing function again.

Parameters
confSSL configuration
signal_new_session_ticketsEnable or disable (MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED or MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED)

◆ mbedtls_ssl_conf_tls13_key_exchange_modes()

void mbedtls_ssl_conf_tls13_key_exchange_modes ( mbedtls_ssl_config * conf,
const int kex_modes )

Set the supported key exchange modes for TLS 1.3 connections.

  In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not
  include the choice of key exchange mechanism. It is therefore not
  covered by the API mbedtls_ssl_conf_ciphersuites(). See the
  documentation of mbedtls_ssl_conf_ciphersuites() for more
  information on the ciphersuite concept in TLS 1.2 and TLS 1.3.

  The present function is specific to TLS 1.3 and allows users to
  configure the set of supported key exchange mechanisms in TLS 1.3.
Parameters
confThe SSL configuration the change should apply to.
kex_modesA bitwise combination of one or more of the following:
  • MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK This flag enables pure-PSK key exchanges.
  • MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL This flag enables combined PSK-ephemeral key exchanges.
  • MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL This flag enables pure-ephemeral key exchanges. For convenience, the following pre-defined macros are available for combinations of the above:
  • MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral.
  • MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL Includes both pure-PSK and combined PSK-ephemeral key exchanges, but excludes pure-ephemeral key exchanges.
  • MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL Includes both pure-ephemeral and combined PSK-ephemeral key exchanges.
Note
If a PSK-based key exchange mode shall be supported, applications must also use the APIs mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque() to configure the PSKs to be used.
If a pure-ephemeral key exchange mode shall be supported, server-side applications must also provide a certificate via mbedtls_ssl_conf_own_cert().

◆ mbedtls_ssl_conf_transport()

void mbedtls_ssl_conf_transport ( mbedtls_ssl_config * conf,
int transport )

Set the transport type (TLS or DTLS). Default: TLS.

Note
For DTLS, you must either provide a recv callback that doesn't block, or one that handles timeouts, see mbedtls_ssl_set_bio(). You also need to provide timer callbacks with mbedtls_ssl_set_timer_cb().
Parameters
confSSL configuration
transporttransport type: MBEDTLS_SSL_TRANSPORT_STREAM for TLS, MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.

◆ mbedtls_ssl_conf_verify()

void mbedtls_ssl_conf_verify ( mbedtls_ssl_config * conf,
int(* f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *),
void * p_vrfy )

Set the verification callback (Optional).

           If set, the provided verify callback is called for each
           certificate in the peer's CRT chain, including the trusted
           root. For more information, please see the documentation of
           \c mbedtls_x509_crt_verify().
Note
For per context callbacks and contexts, please use mbedtls_ssl_set_verify() instead.
Parameters
confThe SSL configuration to use.
f_vrfyThe verification callback to use during CRT verification.
p_vrfyThe opaque context to be passed to the callback.

◆ mbedtls_ssl_config_defaults()

int mbedtls_ssl_config_defaults ( mbedtls_ssl_config * conf,
int endpoint,
int transport,
int preset )

Load reasonable default SSL configuration values. (You need to call mbedtls_ssl_config_init() first.)

Parameters
confSSL configuration context
endpointMBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
transportMBEDTLS_SSL_TRANSPORT_STREAM for TLS, or MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
preseta MBEDTLS_SSL_PRESET_XXX value
Note
See mbedtls_ssl_conf_transport() for notes on DTLS.
Returns
0 if successful, or MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.

◆ mbedtls_ssl_config_free()

void mbedtls_ssl_config_free ( mbedtls_ssl_config * conf)

Free an SSL configuration context.

Parameters
confSSL configuration context

◆ mbedtls_ssl_config_init()

void mbedtls_ssl_config_init ( mbedtls_ssl_config * conf)

Initialize an SSL configuration context Just makes the context ready for mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().

Note
You need to call mbedtls_ssl_config_defaults() unless you manually set all of the relevant fields yourself.
Parameters
confSSL configuration context

◆ mbedtls_ssl_context_get_config()

static const mbedtls_ssl_config * mbedtls_ssl_context_get_config ( const mbedtls_ssl_context * ssl)
inlinestatic

Return the SSL configuration structure associated with the given SSL context.

Note
The pointer returned by this function is guaranteed to remain valid until the context is freed.
Parameters
sslThe SSL context to query.
Returns
Pointer to the SSL configuration associated with ssl.

Definition at line 2206 of file ssl.h.

◆ mbedtls_ssl_context_load()

int mbedtls_ssl_context_load ( mbedtls_ssl_context * ssl,
const unsigned char * buf,
size_t len )

Load serialized connection data to an SSL context.

See also
mbedtls_ssl_context_save()
Warning
The same serialized data must never be loaded into more that one context. In order to ensure that, after successfully loading serialized data to an SSL context, you should immediately destroy or invalidate all copies of the serialized data that was loaded. Loading the same data in more than one context would cause severe security failures including but not limited to loss of confidentiality.
Note
Before calling this function, the SSL context must be prepared in one of the two following ways. The first way is to take a context freshly initialised with mbedtls_ssl_init() and call mbedtls_ssl_setup() on it with the same mbedtls_ssl_config structure that was used in the original connection. The second way is to call mbedtls_ssl_session_reset() on a context that was previously prepared as above but used in the meantime. Either way, you must not use the context to perform a handshake between calling mbedtls_ssl_setup() or mbedtls_ssl_session_reset() and calling this function. You may however call other setter functions in that time frame as indicated in the note below.
Before or after calling this function successfully, you also need to configure some connection-specific callbacks and settings before you can use the connection again (unless they were already set before calling mbedtls_ssl_session_reset() and the values are suitable for the present connection). Specifically, you want to call at least mbedtls_ssl_set_bio(), mbedtls_ssl_set_timer_cb(), and mbedtls_ssl_set_user_data_n() or mbedtls_ssl_set_user_data_p() if they were set originally. All other SSL setter functions are not necessary to call, either because they're only used in handshakes, or because the setting is already saved. You might choose to call them anyway, for example in order to share code between the cases of establishing a new connection and the case of loading an already-established connection.
If you have new information about the path MTU, you want to call mbedtls_ssl_set_mtu() after calling this function, as otherwise this function would overwrite your newly-configured value with the value that was active when the context was saved.
When this function returns an error code, it calls mbedtls_ssl_free() on ssl. In this case, you need to prepare the context with the usual sequence starting with a call to mbedtls_ssl_init() if you want to use it again.
Parameters
sslThe SSL context structure to be populated. It must have been prepared as described in the note above.
bufThe buffer holding the serialized connection data. It must be a readable buffer of at least len bytes.
lenThe size of the serialized data in bytes.
Returns
0 if successful.
MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data comes from a different Mbed TLS version or build.
MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.

◆ mbedtls_ssl_context_save()

int mbedtls_ssl_context_save ( mbedtls_ssl_context * ssl,
unsigned char * buf,
size_t buf_len,
size_t * olen )

Save an active connection as serialized data in a buffer. This allows the freeing or re-using of the SSL context while still picking up the connection later in a way that it entirely transparent to the peer.

See also
mbedtls_ssl_context_load()
Note
The serialized data only contains the data that is necessary to resume the connection: negotiated protocol options, session identifier, keys, etc. Loading a saved SSL context does not restore settings and state related to how the application accesses the context, such as configured callback functions, user data, pending incoming or outgoing data, etc.
This feature is currently only available under certain conditions, see the documentation of the return value MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details.
When this function succeeds, it calls mbedtls_ssl_session_reset() on ssl which as a result is no longer associated with the connection that has been serialized. This avoids creating copies of the connection state. You're then free to either re-use the context structure for a different connection, or call mbedtls_ssl_free() on it. See the documentation of mbedtls_ssl_session_reset() for more details.
Parameters
sslThe SSL context to save. On success, it is no longer associated with the connection that has been serialized.
bufThe buffer to write the serialized data to. It must be a writeable buffer of at least buf_len bytes, or may be NULL if buf_len is 0.
buf_lenThe number of bytes available for writing in buf.
olenThe size in bytes of the data that has been or would have been written. It must point to a valid size_t.
Note
olen is updated to the correct value regardless of whether buf_len was large enough. This makes it possible to determine the necessary size by calling this function with buf set to NULL and buf_len to 0. However, the value of olen is only guaranteed to be correct when the function returns MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or 0. If the return value is different, then the value of olen is undefined.
Returns
0 if successful.
MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if buf is too small.
MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed while resetting the context.
MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in progress, or there is pending data for reading or sending, or the connection does not use DTLS 1.2 with an AEAD ciphersuite, or renegotiation is enabled.

◆ mbedtls_ssl_free()

void mbedtls_ssl_free ( mbedtls_ssl_context * ssl)

Free referenced items in an SSL context and clear memory.

Parameters
sslSSL context

◆ mbedtls_ssl_get_alpn_protocol()

const char * mbedtls_ssl_get_alpn_protocol ( const mbedtls_ssl_context * ssl)

Get the name of the negotiated Application Layer Protocol. This function should be called after the handshake is completed.

Parameters
sslSSL context
Returns
Protocol name, or NULL if no protocol was negotiated.

◆ mbedtls_ssl_get_bytes_avail()

size_t mbedtls_ssl_get_bytes_avail ( const mbedtls_ssl_context * ssl)

Return the number of application data bytes remaining to be read from the current record.

Parameters
sslSSL context
Returns
How many bytes are available in the application data record read buffer.
Note
When working over a datagram transport, this is useful to detect the current datagram's boundary in case mbedtls_ssl_read has written the maximal amount of data fitting into the input buffer.

◆ mbedtls_ssl_get_ciphersuite()

const char * mbedtls_ssl_get_ciphersuite ( const mbedtls_ssl_context * ssl)

Return the name of the current ciphersuite.

Parameters
sslSSL context
Returns
a string containing the ciphersuite name

◆ mbedtls_ssl_get_ciphersuite_id()

int mbedtls_ssl_get_ciphersuite_id ( const char * ciphersuite_name)

Return the ID of the ciphersuite associated with the given name.

Parameters
ciphersuite_nameSSL ciphersuite name
Returns
the ID with the ciphersuite or 0 if not found

◆ mbedtls_ssl_get_ciphersuite_id_from_ssl()

int mbedtls_ssl_get_ciphersuite_id_from_ssl ( const mbedtls_ssl_context * ssl)

Return the id of the current ciphersuite.

Parameters
sslSSL context
Returns
a ciphersuite id

◆ mbedtls_ssl_get_ciphersuite_name()

const char * mbedtls_ssl_get_ciphersuite_name ( const int ciphersuite_id)

Return the name of the ciphersuite associated with the given ID.

Parameters
ciphersuite_idSSL ciphersuite ID
Returns
a string containing the ciphersuite name

◆ mbedtls_ssl_get_hostname()

static const char * mbedtls_ssl_get_hostname ( mbedtls_ssl_context * ssl)
inlinestatic

Get the hostname that checked against the received server certificate. It is used to set the ServerName TLS extension, too, if that extension is enabled. (client-side only)

Parameters
sslSSL context
Returns
const pointer to the hostname value

Definition at line 3998 of file ssl.h.

◆ mbedtls_ssl_get_hs_sni()

const unsigned char * mbedtls_ssl_get_hs_sni ( mbedtls_ssl_context * ssl,
size_t * name_len )

Retrieve SNI extension value for the current handshake. Available in f_cert_cb of mbedtls_ssl_conf_cert_cb(), this is the same value passed to f_sni callback of mbedtls_ssl_conf_sni() and may be used instead of mbedtls_ssl_conf_sni().

Parameters
sslSSL context
name_lenpointer into which to store length of returned value. 0 if SNI extension is not present or not yet processed.
Returns
const pointer to SNI extension value.
  • value is valid only when called in f_cert_cb registered with mbedtls_ssl_conf_cert_cb().
  • value is NULL if SNI extension is not present.
  • value is not '\0'-terminated. Use name_len for len.
  • value must not be freed.

◆ mbedtls_ssl_get_max_in_record_payload()

int mbedtls_ssl_get_max_in_record_payload ( const mbedtls_ssl_context * ssl)

Return the current maximum incoming record payload in bytes.

Note
The logic to determine the maximum incoming record payload is version-specific. It takes into account various factors, such as the mbedtls_config.h setting MBEDTLS_SSL_IN_CONTENT_LEN, extensions such as the max fragment length extension or record size limit extension if used, and the current record expansion.
See also
mbedtls_ssl_set_mtu()
mbedtls_ssl_get_max_in_record_payload()
mbedtls_ssl_get_record_expansion()
Parameters
sslSSL context
Returns
Current maximum payload for an incoming record, or a negative error code.

◆ mbedtls_ssl_get_max_out_record_payload()

int mbedtls_ssl_get_max_out_record_payload ( const mbedtls_ssl_context * ssl)

Return the current maximum outgoing record payload in bytes.

Note
The logic to determine the maximum outgoing record payload is version-specific. It takes into account various factors, such as the mbedtls_config.h setting MBEDTLS_SSL_OUT_CONTENT_LEN, extensions such as the max fragment length or record size limit extension if used, and for DTLS the path MTU as configured and current record expansion.
With DTLS, mbedtls_ssl_write() will return an error if called with a larger length value. With TLS, mbedtls_ssl_write() will fragment the input if necessary and return the number of bytes written; it is up to the caller to call mbedtls_ssl_write() again in order to send the remaining bytes if any.
See also
mbedtls_ssl_get_max_out_record_payload()
mbedtls_ssl_get_record_expansion()
Parameters
sslSSL context
Returns
Current maximum payload for an outgoing record, or a negative error code.

◆ mbedtls_ssl_get_own_cid()

int mbedtls_ssl_get_own_cid ( mbedtls_ssl_context * ssl,
int * enabled,
unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX],
size_t * own_cid_len )

Get information about our request for usage of the CID extension in the current connection.

Parameters
sslThe SSL context to query.
enabledThe address at which to store whether the CID extension is requested to be used or not. If the CID is requested, *enabled is set to MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
own_cidThe address of the buffer in which to store our own CID (if the CID extension is requested). This may be NULL in case the value of our CID isn't needed. If it is not NULL, own_cid_len must not be NULL.
own_cid_lenThe address at which to store the size of our own CID (if the CID extension is requested). This is also the number of Bytes in own_cid that have been written. This may be NULL in case the length of our own CID isn't needed. If it is NULL, own_cid must be NULL, too.
Note
If we are requesting an empty CID this function sets *enabled to MBEDTLS_SSL_CID_DISABLED (the rationale for this is that the resulting outcome is the same as if the CID extensions wasn't requested).
Returns
0 on success.
A negative error code on failure.

◆ mbedtls_ssl_get_peer_cert()

const mbedtls_x509_crt * mbedtls_ssl_get_peer_cert ( const mbedtls_ssl_context * ssl)

Return the peer certificate from the current connection.

Parameters
sslThe SSL context to use. This must be initialized and setup.
Returns
The current peer certificate, if available. The returned certificate is owned by the SSL context and is valid only until the next call to the SSL API.
NULL if no peer certificate is available. This might be because the chosen ciphersuite doesn't use CRTs (PSK-based ciphersuites, for example), or because MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled, allowing the stack to free the peer's CRT to save memory.
Note
For one-time inspection of the peer's certificate during the handshake, consider registering an X.509 CRT verification callback through mbedtls_ssl_conf_verify() instead of calling this function. Using mbedtls_ssl_conf_verify() also comes at the benefit of allowing you to influence the verification process, for example by masking expected and tolerated verification failures.
Warning
You must not use the pointer returned by this function after any further call to the SSL API, including mbedtls_ssl_read() and mbedtls_ssl_write(); this is because the pointer might change during renegotiation, which happens transparently to the user. If you want to use the certificate across API calls, you must make a copy.

◆ mbedtls_ssl_get_peer_cid()

int mbedtls_ssl_get_peer_cid ( mbedtls_ssl_context * ssl,
int * enabled,
unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
size_t * peer_cid_len )

Get information about the use of the CID extension in the current connection.

Parameters
sslThe SSL context to query.
enabledThe address at which to store whether the CID extension is currently in use or not. If the CID is in use, *enabled is set to MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
peer_cidThe address of the buffer in which to store the CID chosen by the peer (if the CID extension is used). This may be NULL in case the value of peer CID isn't needed. If it is not NULL, peer_cid_len must not be NULL.
peer_cid_lenThe address at which to store the size of the CID chosen by the peer (if the CID extension is used). This is also the number of Bytes in peer_cid that have been written. This may be NULL in case the length of the peer CID isn't needed. If it is NULL, peer_cid must be NULL, too.
Note
This applies to the state of the CID negotiated in the last complete handshake. If a handshake is in progress, this function will attempt to complete the handshake first.
If CID extensions have been exchanged but both client and server chose to use an empty CID, this function sets *enabled to MBEDTLS_SSL_CID_DISABLED (the rationale for this is that the resulting communication is the same as if the CID extensions hadn't been used).
Returns
0 on success.
A negative error code on failure.

◆ mbedtls_ssl_get_record_expansion()

int mbedtls_ssl_get_record_expansion ( const mbedtls_ssl_context * ssl)

Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc. padding)

Parameters
sslSSL context
Returns
Current maximum record expansion in bytes

◆ mbedtls_ssl_get_session()

int mbedtls_ssl_get_session ( const mbedtls_ssl_context * ssl,
mbedtls_ssl_session * session )

Export a session in order to resume it later.

Parameters
sslThe SSL context representing the connection for which to to export a session structure for later resumption.
sessionThe target structure in which to store the exported session. This must have been initialized with mbedtls_ssl_session_init() but otherwise be unused.
Note
This function can handle a variety of mechanisms for session resumption: For TLS 1.2, both session ID-based resumption and ticket-based resumption will be considered. For TLS 1.3, sessions equate to tickets, and if session tickets are enabled (see MBEDTLS_SSL_SESSION_TICKETS configuration option), this function exports the last received ticket and the exported session may be used to resume the TLS 1.3 session. If session tickets are disabled, exported sessions cannot be used to resume a TLS 1.3 session.
Returns
0 if successful. In this case, session can be used for session resumption by passing it to mbedtls_ssl_set_session(), and serialized for storage via mbedtls_ssl_session_save().
Another negative error code on other kinds of failure.
See also
mbedtls_ssl_set_session()
mbedtls_ssl_session_save()

◆ mbedtls_ssl_get_user_data_n()

static uintptr_t mbedtls_ssl_get_user_data_n ( mbedtls_ssl_context * ssl)
inlinestatic

Retrieve the user data in an SSL context as an integer.

This is the value last set with mbedtls_ssl_set_user_data_n(), or 0 if mbedtls_ssl_set_user_data_n() has not previously been called. The value is undefined if mbedtls_ssl_set_user_data_p() has been called without a subsequent call to mbedtls_ssl_set_user_data_n().

Parameters
sslThe SSL context to modify.
Returns
The current value of the user data.

Definition at line 2877 of file ssl.h.

◆ mbedtls_ssl_get_user_data_p()

static void * mbedtls_ssl_get_user_data_p ( mbedtls_ssl_context * ssl)
inlinestatic

Retrieve the user data in an SSL context as a pointer.

This is the value last set with mbedtls_ssl_set_user_data_p(), or NULL if mbedtls_ssl_set_user_data_p() has not previously been called. The value is undefined if mbedtls_ssl_set_user_data_n() has been called without a subsequent call to mbedtls_ssl_set_user_data_p().

Parameters
sslThe SSL context to modify.
Returns
The current value of the user data.

Definition at line 2861 of file ssl.h.

◆ mbedtls_ssl_get_verify_result()

uint32_t mbedtls_ssl_get_verify_result ( const mbedtls_ssl_context * ssl)

Return the result of the certificate verification.

Parameters
sslThe SSL context to use.
Returns
0 if the certificate verification was successful.
-1u if the result is not available. This may happen e.g. if the handshake aborts early, or a verification callback returned a fatal error.
A bitwise combination of MBEDTLS_X509_BADCERT_XXX and MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.

◆ mbedtls_ssl_get_version()

const char * mbedtls_ssl_get_version ( const mbedtls_ssl_context * ssl)

Return the current TLS version.

Parameters
sslSSL context
Returns
a string containing the TLS version

◆ mbedtls_ssl_get_version_number()

static mbedtls_ssl_protocol_version mbedtls_ssl_get_version_number ( const mbedtls_ssl_context * ssl)
inlinestatic

Return the (D)TLS protocol version negotiated in the given connection.

Note
If you call this function too early during the initial handshake, before the two sides have agreed on a version, this function returns MBEDTLS_SSL_VERSION_UNKNOWN.
Parameters
sslThe SSL context to query.
Returns
The negotiated protocol version.

Definition at line 4765 of file ssl.h.

◆ mbedtls_ssl_handshake()

int mbedtls_ssl_handshake ( mbedtls_ssl_context * ssl)

Perform the SSL handshake.

Parameters
sslSSL context
Returns
0 if successful.
MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE if the handshake is incomplete and waiting for data to be available for reading from or writing to the underlying transport - in this case you must call this function again when the underlying transport is ready for the operation.
MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous operation is in progress (see mbedtls_ssl_conf_async_private_cb()) - in this case you must call this function again when the operation is ready.
MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic operation is in progress (see mbedtls_ecp_set_max_ops()) - in this case you must call this function again to complete the handshake when you're done attending other tasks.
MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use and the client did not demonstrate reachability yet - in this case you must stop using the context (see below).
MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3 NewSessionTicket message has been received. See the documentation of mbedtls_ssl_read() for more information about this error code.
MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as defined in RFC 8446 (TLS 1.3 specification), has been received as part of the handshake. This is server specific and may occur only if the early data feature has been enabled on server (see mbedtls_ssl_conf_early_data() documentation). You must call mbedtls_ssl_read_early_data() to read the early data before resuming the handshake.
Another SSL error code - in this case you must stop using the context (see below).
Warning
If this function returns something other than 0, MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed.
Note
If DTLS is in use, then you may choose to handle MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging purposes, as it is an expected return value rather than an actual error, but you still need to reset/free the context.
Remarks regarding event-driven DTLS: If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram from the underlying transport layer is currently being processed, and it is safe to idle until the timer or the underlying transport signal a new event. This is not true for a successful handshake, in which case the datagram of the underlying transport that is currently being processed might or might not contain further DTLS records.
If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function. Otherwise, the handshake may call psa_crypto_init() if a negotiation involving TLS 1.3 takes place (this may be the case even if TLS 1.3 is offered but eventually not selected).

◆ mbedtls_ssl_handshake_step()

int mbedtls_ssl_handshake_step ( mbedtls_ssl_context * ssl)

Perform a single step of the SSL handshake.

Note
The state of the context (ssl->state) will be at the next state after this function returns 0. Do not call this function if mbedtls_ssl_is_handshake_over() returns 1.
Warning
Whilst in the past you may have used direct access to the context state (ssl->state) in order to ascertain when to stop calling this function and although you can still do so with something like ssl->MBEDTLS_PRIVATE(state) or by defining MBEDTLS_ALLOW_PRIVATE_ACCESS, this is now considered deprecated and could be broken in any future release. If you still find you have good reason for such direct access, then please do contact the team to explain this (raise an issue or post to the mailing list), so that we can add a solution to your problem that will be guaranteed to work in the future.
Parameters
sslSSL context
Returns
See mbedtls_ssl_handshake().
Warning
If this function returns something other than 0, MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed.

◆ mbedtls_ssl_init()

void mbedtls_ssl_init ( mbedtls_ssl_context * ssl)

Initialize an SSL context Just makes the context ready for mbedtls_ssl_setup() or mbedtls_ssl_free()

Parameters
sslSSL context

◆ mbedtls_ssl_is_handshake_over()

static int mbedtls_ssl_is_handshake_over ( mbedtls_ssl_context * ssl)
inlinestatic

After calling mbedtls_ssl_handshake() to start the SSL handshake you can call this function to check whether the handshake is over for a given SSL context. This function should be also used to determine when to stop calling mbedtls_handshake_step() for that context.

Parameters
sslSSL context
Returns
1 if handshake is over, 0 if it is still ongoing.

Definition at line 4987 of file ssl.h.

References MBEDTLS_SSL_HANDSHAKE_OVER.

◆ mbedtls_ssl_read()

int mbedtls_ssl_read ( mbedtls_ssl_context * ssl,
unsigned char * buf,
size_t len )

Read at most 'len' application data bytes.

Parameters
sslSSL context
bufbuffer that will hold the data
lenmaximum number of bytes to read
Returns
The (positive) number of bytes read if successful.
0 if the read end of the underlying transport was closed without sending a CloseNotify beforehand, which might happen because of various reasons (internal error of an underlying stack, non-conformant peer not sending a CloseNotify and such) - in this case you must stop using the context (see below).
MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY if the underlying transport is still functional, but the peer has acknowledged to not send anything anymore.
MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE if the handshake is incomplete and waiting for data to be available for reading from or writing to the underlying transport - in this case you must call this function again when the underlying transport is ready for the operation.
MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous operation is in progress (see mbedtls_ssl_conf_async_private_cb()) - in this case you must call this function again when the operation is ready.
MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic operation is in progress (see mbedtls_ecp_set_max_ops()) - in this case you must call this function again to complete the handshake when you're done attending other tasks.
MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server side of a DTLS connection and the client is initiating a new connection using the same source port. See below.
MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3 NewSessionTicket message has been received. This error code is only returned on the client side. It is only returned if handling of TLS 1.3 NewSessionTicket messages has been enabled through mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(). This error code indicates that a TLS 1.3 NewSessionTicket message has been received and parsed successfully by the client. The ticket data can be retrieved from the SSL context by calling mbedtls_ssl_get_session(). It remains available until the next call to mbedtls_ssl_read().
MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as defined in RFC 8446 (TLS 1.3 specification), has been received as part of the handshake. This is server specific and may occur only if the early data feature has been enabled on server (see mbedtls_ssl_conf_early_data() documentation). You must call mbedtls_ssl_read_early_data() to read the early data before resuming the handshake.
Another SSL error code - in this case you must stop using the context (see below).
Warning
If this function returns something other than a positive value, MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, MBEDTLS_ERR_SSL_CLIENT_RECONNECT or MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed.
Note
When this function returns MBEDTLS_ERR_SSL_CLIENT_RECONNECT (which can only happen server-side), it means that a client is initiating a new connection using the same source port. You can either treat that as a connection close and wait for the client to resend a ClientHello, or directly continue with mbedtls_ssl_handshake() with the same context (as it has been reset internally). Either way, you must make sure this is seen by the application as a new connection: application state, if any, should be reset, and most importantly the identity of the client must be checked again. WARNING: not validating the identity of the client again, or not transmitting the new identity to the application layer, would allow authentication bypass!
Remarks regarding event-driven DTLS:
  • If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram from the underlying transport layer is currently being processed, and it is safe to idle until the timer or the underlying transport signal a new event.
  • This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was initially available on the underlying transport, as this data may have been only e.g. duplicated messages or a renegotiation request. Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even when reacting to an incoming-data event from the underlying transport.
  • On success, the datagram of the underlying transport that is currently being processed may contain further DTLS records. You should call mbedtls_ssl_check_pending to check for remaining records.

◆ mbedtls_ssl_renegotiate()

int mbedtls_ssl_renegotiate ( mbedtls_ssl_context * ssl)

Initiate an SSL renegotiation on the running connection. Client: perform the renegotiation right now. Server: request renegotiation, which will be performed during the next call to mbedtls_ssl_read() if honored by client.

Parameters
sslSSL context
Returns
0 if successful, or any mbedtls_ssl_handshake() return value except MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't happen during a renegotiation.
Warning
If this function returns something other than 0, MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed.

◆ mbedtls_ssl_send_alert_message()

int mbedtls_ssl_send_alert_message ( mbedtls_ssl_context * ssl,
unsigned char level,
unsigned char message )

Send an alert message.

Parameters
sslSSL context
levelThe alert level of the message (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
messageThe alert message (SSL_ALERT_MSG_*)
Returns
0 if successful, or a specific SSL error code.
Note
If this function returns something other than 0 or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed.

◆ mbedtls_ssl_session_free()

void mbedtls_ssl_session_free ( mbedtls_ssl_session * session)

Free referenced items in an SSL session including the peer certificate and clear memory.

Note
A session object can be freed even if the SSL context that was used to retrieve the session is still in use.
Parameters
sessionSSL session

◆ mbedtls_ssl_session_get_ciphersuite_id()

static int mbedtls_ssl_session_get_ciphersuite_id ( const mbedtls_ssl_session * session)
inlinestatic

Get the ciphersuite-id.

Parameters
sessionSSL session.
Returns
int represetation for ciphersuite.

Definition at line 2730 of file ssl.h.

◆ mbedtls_ssl_session_get_id()

static unsigned const char(* mbedtls_ssl_session_get_id ( const mbedtls_ssl_session * session) )[32]
inlinestatic

Get the session-id buffer.

Parameters
sessionSSL session.
Returns
The address of the session-id buffer.

Definition at line 2705 of file ssl.h.

◆ mbedtls_ssl_session_get_id_len()

static size_t mbedtls_ssl_session_get_id_len ( const mbedtls_ssl_session * session)
inlinestatic

Get the size of the session-id.

Parameters
sessionSSL session.
Returns
size_t size of session-id buffer.

Definition at line 2718 of file ssl.h.

◆ mbedtls_ssl_session_get_ticket_creation_time()

static int mbedtls_ssl_session_get_ticket_creation_time ( mbedtls_ssl_session * session,
mbedtls_ms_time_t * ticket_creation_time )
inlinestatic

Get the creation time of a session ticket.

Note
See the documentation of ticket_creation_time for information about the intended usage of this function.
Parameters
sessionSSL session
ticket_creation_timeOn exit, holds the ticket creation time in milliseconds.
Returns
0 on success, MBEDTLS_ERR_SSL_BAD_INPUT_DATA if an input is not valid.

Definition at line 2683 of file ssl.h.

References MBEDTLS_ERR_SSL_BAD_INPUT_DATA, and MBEDTLS_SSL_IS_SERVER.

◆ mbedtls_ssl_session_init()

void mbedtls_ssl_session_init ( mbedtls_ssl_session * session)

Initialize SSL session structure.

Parameters
sessionSSL session

◆ mbedtls_ssl_session_load()

int mbedtls_ssl_session_load ( mbedtls_ssl_session * session,
const unsigned char * buf,
size_t len )

Load serialized session data into a session structure. On client, this can be used for loading saved sessions before resuming them with mbedtls_ssl_set_session(). On server, this can be used for alternative implementations of session cache or session tickets.

Warning
If a peer certificate chain is associated with the session, the serialized state will only contain the peer's end-entity certificate and the result of the chain verification (unless verification was disabled), but not the rest of the chain.
See also
mbedtls_ssl_session_save()
mbedtls_ssl_set_session()
Parameters
sessionThe session structure to be populated. It must have been initialised with mbedtls_ssl_session_init() but not populated yet.
bufThe buffer holding the serialized session data. It must be a readable buffer of at least len bytes.
lenThe size of the serialized data in bytes.
Returns
0 if successful.
MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data was generated in a different version or configuration of Mbed TLS.
Another negative value for other kinds of errors (for example, unsupported features in the embedded certificate).

◆ mbedtls_ssl_session_reset()

int mbedtls_ssl_session_reset ( mbedtls_ssl_context * ssl)

Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.

Parameters
sslSSL context
Returns
0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or MBEDTLS_ERR_SSL_HW_ACCEL_FAILED

◆ mbedtls_ssl_session_save()

int mbedtls_ssl_session_save ( const mbedtls_ssl_session * session,
unsigned char * buf,
size_t buf_len,
size_t * olen )

Save session structure as serialized data in a buffer. On client, this can be used for saving session data, potentially in non-volatile storage, for resuming later. On server, this can be used for alternative implementations of session cache or session tickets.

See also
mbedtls_ssl_session_load()
Parameters
sessionThe session structure to be saved.
bufThe buffer to write the serialized data to. It must be a writeable buffer of at least buf_len bytes, or may be NULL if buf_len is 0.
buf_lenThe number of bytes available for writing in buf.
olenThe size in bytes of the data that has been or would have been written. It must point to a valid size_t.
Note
olen is updated to the correct value regardless of whether buf_len was large enough. This makes it possible to determine the necessary size by calling this function with buf set to NULL and buf_len to 0.
For TLS 1.3 sessions, this feature is supported only if the MBEDTLS_SSL_SESSION_TICKETS configuration option is enabled, as in TLS 1.3 session resumption is possible only with tickets.
Returns
0 if successful.
MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if buf is too small.
MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled and the session is a TLS 1.3 session.

◆ mbedtls_ssl_set_bio()

void mbedtls_ssl_set_bio ( mbedtls_ssl_context * ssl,
void * p_bio,
mbedtls_ssl_send_t * f_send,
mbedtls_ssl_recv_t * f_recv,
mbedtls_ssl_recv_timeout_t * f_recv_timeout )

Set the underlying BIO callbacks for write, read and read-with-timeout.

Parameters
sslSSL context
p_bioparameter (context) shared by BIO callbacks
f_sendwrite callback
f_recvread callback
f_recv_timeoutblocking read callback with timeout.
Note
One of f_recv or f_recv_timeout can be NULL, in which case the other is used. If both are non-NULL, f_recv_timeout is used and f_recv is ignored (as if it were NULL).
The two most common use cases are:
  • non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
  • blocking I/O, f_recv == NULL, f_recv_timeout != NULL
For DTLS, you need to provide either a non-NULL f_recv_timeout callback, or a f_recv that doesn't block.
See the documentations of mbedtls_ssl_send_t, mbedtls_ssl_recv_t and mbedtls_ssl_recv_timeout_t for the conventions those callbacks must follow.
On some platforms, net_sockets.c provides mbedtls_net_send(), mbedtls_net_recv() and mbedtls_net_recv_timeout() that are suitable to be used here.

◆ mbedtls_ssl_set_cid()

int mbedtls_ssl_set_cid ( mbedtls_ssl_context * ssl,
int enable,
unsigned char const * own_cid,
size_t own_cid_len )

Configure the use of the Connection ID (CID) extension in the next handshake.

Reference: RFC 9146 (or draft-ietf-tls-dtls-connection-id-05 https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05 for legacy version)

The DTLS CID extension allows the reliable association of DTLS records to DTLS connections across changes in the underlying transport (changed IP and Port metadata) by adding explicit connection identifiers (CIDs) to the headers of encrypted DTLS records. The desired CIDs are configured by the application layer and are exchanged in new ClientHello / ServerHello extensions during the handshake, where each side indicates the CID it wants the peer to use when writing encrypted messages. The CIDs are put to use once records get encrypted: the stack discards any incoming records that don't include the configured CID in their header, and adds the peer's requested CID to the headers of outgoing messages.

This API enables or disables the use of the CID extension in the next handshake and sets the value of the CID to be used for incoming messages.

Parameters
sslThe SSL context to configure. This must be initialized.
enableThis value determines whether the CID extension should be used or not. Possible values are:
  • MBEDTLS_SSL_CID_ENABLED to enable the use of the CID.
  • MBEDTLS_SSL_CID_DISABLED (default) to disable the use of the CID.
own_cidThe address of the readable buffer holding the CID we want the peer to use when sending encrypted messages to us. This may be NULL if own_cid_len is 0. This parameter is unused if enable is set to MBEDTLS_SSL_CID_DISABLED.
own_cid_lenThe length of own_cid. This parameter is unused if enable is set to MBEDTLS_SSL_CID_DISABLED.
Note
The value of own_cid_len must match the value of the len parameter passed to mbedtls_ssl_conf_cid() when configuring the mbedtls_ssl_config that ssl is bound to.
This CID configuration applies to subsequent handshakes performed on the SSL context ssl, but does not trigger one. You still have to call mbedtls_ssl_handshake() (for the initial handshake) or mbedtls_ssl_renegotiate() (for a renegotiation handshake) explicitly after a successful call to this function to run the handshake.
This call cannot guarantee that the use of the CID will be successfully negotiated in the next handshake, because the peer might not support it. Specifically:
  • On the Client, enabling the use of the CID through this call implies that the ClientHello in the next handshake will include the CID extension, thereby offering the use of the CID to the server. Only if the ServerHello contains the CID extension, too, the CID extension will actually be put to use.
  • On the Server, enabling the use of the CID through this call implies that the server will look for the CID extension in a ClientHello from the client, and, if present, reply with a CID extension in its ServerHello.
To check whether the use of the CID was negotiated after the subsequent handshake has completed, please use the API mbedtls_ssl_get_peer_cid().
Warning
If the use of the CID extension is enabled in this call and the subsequent handshake negotiates its use, Mbed TLS will silently drop every packet whose CID does not match the CID configured in own_cid. It is the responsibility of the user to adapt the underlying transport to take care of CID-based demultiplexing before handing datagrams to Mbed TLS.
Returns
0 on success. In this case, the CID configuration applies to the next handshake.
A negative error code on failure.

◆ mbedtls_ssl_set_client_transport_id()

int mbedtls_ssl_set_client_transport_id ( mbedtls_ssl_context * ssl,
const unsigned char * info,
size_t ilen )

Set client's transport-level identification info. (Server only. DTLS only.)

This is usually the IP address (and port), but could be anything identify the client depending on the underlying network stack. Used for HelloVerifyRequest with DTLS. This is not used to route the actual packets.

Parameters
sslSSL context
infoTransport-level info identifying the client (eg IP + port)
ilenLength of info in bytes
Note
An internal copy is made, so the info buffer can be reused.
Returns
0 on success, MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.

◆ mbedtls_ssl_set_datagram_packing()

void mbedtls_ssl_set_datagram_packing ( mbedtls_ssl_context * ssl,
unsigned allow_packing )

Allow or disallow packing of multiple handshake records within a single datagram.

Parameters
sslThe SSL context to configure.
allow_packingThis determines whether datagram packing may be used or not. A value of 0 means that every record will be sent in a separate datagram; a value of 1 means that, if space permits, multiple handshake messages (including CCS) belonging to a single flight may be packed within a single datagram.
Note
This is enabled by default and should only be disabled for test purposes, or if datagram packing causes interoperability issues with peers that don't support it.
Allowing datagram packing reduces the network load since there's less overhead if multiple messages share the same datagram. Also, it increases the handshake efficiency since messages belonging to a single datagram will not be reordered in transit, and so future message buffering or flight retransmission (if no buffering is used) as means to deal with reordering are needed less frequently.
Application records are not affected by this option and are currently always sent in separate datagrams.

◆ mbedtls_ssl_set_export_keys_cb()

void mbedtls_ssl_set_export_keys_cb ( mbedtls_ssl_context * ssl,
mbedtls_ssl_export_keys_t * f_export_keys,
void * p_export_keys )

Configure a key export callback. (Default: none.)

This API can be used for two purposes:

  • Debugging: Use this API to e.g. generate an NSSKeylog file and use it to inspect encrypted traffic in tools such as Wireshark.
  • Application-specific export: Use this API to implement key exporters, e.g. for EAP-TLS or DTLS-SRTP.
Parameters
sslThe SSL context to which the export callback should be attached.
f_export_keysThe callback for the key export.
p_export_keysThe opaque context pointer to be passed to the callback f_export_keys.

◆ mbedtls_ssl_set_hostname()

int mbedtls_ssl_set_hostname ( mbedtls_ssl_context * ssl,
const char * hostname )

Set or reset the hostname to check against the received server certificate. It sets the ServerName TLS extension, too, if that extension is enabled. (client-side only)

Parameters
sslSSL context
hostnamethe server hostname, may be NULL to clear hostname
Note
Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
Returns
0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on too long input hostname.

Hostname set to the one provided on success (cleared when NULL). On allocation failure hostname is cleared. On too long input failure, old hostname is unchanged.

◆ mbedtls_ssl_set_hs_authmode()

void mbedtls_ssl_set_hs_authmode ( mbedtls_ssl_context * ssl,
int authmode )

Set authmode for the current handshake.

Note
Same as mbedtls_ssl_conf_authmode() but for use within the SNI callback or the certificate selection callback.
Parameters
sslSSL context
authmodeMBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_REQUIRED

◆ mbedtls_ssl_set_hs_ca_chain()

void mbedtls_ssl_set_hs_ca_chain ( mbedtls_ssl_context * ssl,
mbedtls_x509_crt * ca_chain,
mbedtls_x509_crl * ca_crl )

Set the data required to verify peer certificate for the current handshake.

Note
Same as mbedtls_ssl_conf_ca_chain() but for use within the SNI callback or the certificate selection callback.
Parameters
sslSSL context
ca_chaintrusted CA chain (meaning all fully trusted top-level CAs)
ca_crltrusted CA CRLs

◆ mbedtls_ssl_set_hs_dn_hints()

void mbedtls_ssl_set_hs_dn_hints ( mbedtls_ssl_context * ssl,
const mbedtls_x509_crt * crt )

Set DN hints sent to client in CertificateRequest message.

Note
Same as mbedtls_ssl_conf_dn_hints() but for use within the SNI callback or the certificate selection callback.
Parameters
sslSSL context
crtcrt chain whose subject DNs are issuer DNs of client certs from which the client should select client peer certificate.

◆ mbedtls_ssl_set_hs_own_cert()

int mbedtls_ssl_set_hs_own_cert ( mbedtls_ssl_context * ssl,
mbedtls_x509_crt * own_cert,
mbedtls_pk_context * pk_key )

Set own certificate and key for the current handshake.

Note
Same as mbedtls_ssl_conf_own_cert() but for use within the SNI callback or the certificate selection callback.
Passing null own_cert clears the certificate list for the current handshake.
Parameters
sslSSL context
own_certown public certificate chain
pk_keyown private key
Returns
0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED

◆ mbedtls_ssl_set_hs_psk()

int mbedtls_ssl_set_hs_psk ( mbedtls_ssl_context * ssl,
const unsigned char * psk,
size_t psk_len )

Set the pre-shared Key (PSK) for the current handshake.

Note
This should only be called inside the PSK callback, i.e. the function passed to mbedtls_ssl_conf_psk_cb().
A PSK set by this function takes precedence over a PSK configured by mbedtls_ssl_conf_psk().
Parameters
sslThe SSL context to configure a PSK for.
pskThe pointer to the pre-shared key.
psk_lenThe length of the pre-shared key in bytes.
Returns
0 if successful.
An MBEDTLS_ERR_SSL_XXX error code on failure.

◆ mbedtls_ssl_set_mtu()

void mbedtls_ssl_set_mtu ( mbedtls_ssl_context * ssl,
uint16_t mtu )

Set the Maximum Transport Unit (MTU). Special value: 0 means unset (no limit). This represents the maximum size of a datagram payload handled by the transport layer (usually UDP) as determined by the network link and stack. In practice, this controls the maximum size datagram the DTLS layer will pass to the f_send() callback set using mbedtls_ssl_set_bio().

Note
The limit on datagram size is converted to a limit on record payload by subtracting the current overhead of encapsulation and encryption/authentication if any.
This can be called at any point during the connection, for example when a Path Maximum Transfer Unit (PMTU) estimate becomes available from other sources, such as lower (or higher) protocol layers.
This setting only controls the size of the packets we send, and does not restrict the size of the datagrams we're willing to receive. Client-side, you can request the server to use smaller records with mbedtls_ssl_conf_max_frag_len().
If both a MTU and a maximum fragment length have been configured (or negotiated with the peer), the resulting lower limit on record payload (see first note) is used.
This can only be used to decrease the maximum size of datagrams (hence records, see first note) sent. It cannot be used to increase the maximum size of records over the limit set by MBEDTLS_SSL_OUT_CONTENT_LEN.
Values lower than the current record layer expansion will result in an error when trying to send data.
Parameters
sslSSL context
mtuValue of the path MTU in bytes

◆ mbedtls_ssl_set_session()

int mbedtls_ssl_set_session ( mbedtls_ssl_context * ssl,
const mbedtls_ssl_session * session )

Load a session for session resumption.

           Sessions loaded through this call will be considered
           for session resumption in the next handshake.
Note
Even if this call succeeds, it is not guaranteed that the next handshake will indeed be shortened through the use of session resumption: The server is always free to reject any attempt for resumption and fall back to a full handshake.
This function can handle a variety of mechanisms for session resumption: For TLS 1.2, both session ID-based resumption and ticket-based resumption will be considered. For TLS 1.3, sessions equate to tickets, and loading one session by calling this function will lead to its corresponding ticket being advertised as resumption PSK by the client. This depends on session tickets being enabled (see MBEDTLS_SSL_SESSION_TICKETS configuration option) though. If session tickets are disabled, a call to this function with a TLS 1.3 session, will not have any effect on the next handshake for the SSL context ssl.
Parameters
sslThe SSL context representing the connection which should be attempted to be setup using session resumption. This must be initialized via mbedtls_ssl_init() and bound to an SSL configuration via mbedtls_ssl_setup(), but the handshake must not yet have been started.
sessionThe session to be considered for session resumption. This must be a session previously exported via mbedtls_ssl_get_session(), and potentially serialized and deserialized through mbedtls_ssl_session_save() and mbedtls_ssl_session_load() in the meantime.
Returns
0 if successful.
MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session could not be loaded because one session has already been loaded. This error is non-fatal, and has no observable effect on the SSL context or the session that was attempted to be loaded.
Another negative error code on other kinds of failure.
See also
mbedtls_ssl_get_session()
mbedtls_ssl_session_load()

◆ mbedtls_ssl_set_timer_cb()

void mbedtls_ssl_set_timer_cb ( mbedtls_ssl_context * ssl,
void * p_timer,
mbedtls_ssl_set_timer_t * f_set_timer,
mbedtls_ssl_get_timer_t * f_get_timer )

Set the timer callbacks (Mandatory for DTLS.)

Parameters
sslSSL context
p_timerparameter (context) shared by timer callbacks
f_set_timerset timer callback
f_get_timerget timer callback. Must return:
Note
See the documentation of mbedtls_ssl_set_timer_t and mbedtls_ssl_get_timer_t for the conventions this pair of callbacks must follow.
On some platforms, timing.c provides mbedtls_timing_set_delay() and mbedtls_timing_get_delay() that are suitable for using here, except if using an event-driven style.
See also the "DTLS tutorial" article in our knowledge base. https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial

◆ mbedtls_ssl_set_user_data_n()

static void mbedtls_ssl_set_user_data_n ( mbedtls_ssl_context * ssl,
uintptr_t n )
inlinestatic

Set the user data in an SSL context to an integer.

You can retrieve this value later with mbedtls_ssl_get_user_data_n().

Parameters
sslThe SSL context to modify.
nThe new value of the user data.

Definition at line 2844 of file ssl.h.

◆ mbedtls_ssl_set_user_data_p()

static void mbedtls_ssl_set_user_data_p ( mbedtls_ssl_context * ssl,
void * p )
inlinestatic

Set the user data in an SSL context to a pointer.

You can retrieve this value later with mbedtls_ssl_get_user_data_p().

Note
The library stores p without accessing it. It is the responsibility of the caller to ensure that the pointer remains valid.
Parameters
sslThe SSL context to modify.
pThe new value of the user data.

Definition at line 2830 of file ssl.h.

◆ mbedtls_ssl_set_verify()

void mbedtls_ssl_set_verify ( mbedtls_ssl_context * ssl,
int(* f_vrfy )(void *, mbedtls_x509_crt *, int, uint32_t *),
void * p_vrfy )

Set a connection-specific verification callback (optional).

           If set, the provided verify callback is called for each
           certificate in the peer's CRT chain, including the trusted
           root. For more information, please see the documentation of
           \c mbedtls_x509_crt_verify().
Note
This call is analogous to mbedtls_ssl_conf_verify() but binds the verification callback and context to an SSL context as opposed to an SSL configuration. If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify() are both used, mbedtls_ssl_set_verify() takes precedence.
Parameters
sslThe SSL context to use.
f_vrfyThe verification callback to use during CRT verification.
p_vrfyThe opaque context to be passed to the callback.

◆ mbedtls_ssl_setup()

int mbedtls_ssl_setup ( mbedtls_ssl_context * ssl,
const mbedtls_ssl_config * conf )

Set up an SSL context for use.

Note
No copy of the configuration context is made, it can be shared by many mbedtls_ssl_context structures.
Warning
The conf structure will be accessed during the session. It must not be modified or freed as long as the session is active.
This function must be called exactly once per context. Calling mbedtls_ssl_setup again is not supported, even if no session is active.
Note
If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.
Parameters
sslSSL context
confSSL configuration to use
Returns
0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed

◆ mbedtls_ssl_tls_prf()

int mbedtls_ssl_tls_prf ( const mbedtls_tls_prf_types prf,
const unsigned char * secret,
size_t slen,
const char * label,
const unsigned char * random,
size_t rlen,
unsigned char * dstbuf,
size_t dlen )

TLS-PRF function for key derivation.

Parameters
prfThe tls_prf type function type to be used.
secretSecret for the key derivation function.
slenLength of the secret.
labelString label for the key derivation function, terminated with null character.
randomRandom bytes.
rlenLength of the random bytes buffer.
dstbufThe buffer holding the derived key.
dlenLength of the output buffer.
Returns
0 on success. An SSL specific error on failure.

◆ mbedtls_ssl_write()

int mbedtls_ssl_write ( mbedtls_ssl_context * ssl,
const unsigned char * buf,
size_t len )

Try to write exactly 'len' application data bytes.

Warning
This function will do partial writes in some cases. If the return value is non-negative but less than length, the function must be called again with updated arguments: buf + ret, len - ret (if ret is the return value) until it returns a value equal to the last 'len' argument.
Parameters
sslSSL context
bufbuffer holding the data
lenhow many bytes must be written
Returns
The (non-negative) number of bytes actually written if successful (may be less than len).
MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE if the handshake is incomplete and waiting for data to be available for reading from or writing to the underlying transport - in this case you must call this function again when the underlying transport is ready for the operation.
MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous operation is in progress (see mbedtls_ssl_conf_async_private_cb()) - in this case you must call this function again when the operation is ready.
MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic operation is in progress (see mbedtls_ecp_set_max_ops()) - in this case you must call this function again to complete the handshake when you're done attending other tasks.
MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3 NewSessionTicket message has been received. See the documentation of mbedtls_ssl_read() for more information about this error code.
MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as defined in RFC 8446 (TLS 1.3 specification), has been received as part of the handshake. This is server specific and may occur only if the early data feature has been enabled on server (see mbedtls_ssl_conf_early_data() documentation). You must call mbedtls_ssl_read_early_data() to read the early data before resuming the handshake.
Another SSL error code - in this case you must stop using the context (see below).
Warning
If this function returns something other than a non-negative value, MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed.
Note
When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, it must be called later with the same arguments, until it returns a value greater than or equal to 0. When the function returns MBEDTLS_ERR_SSL_WANT_WRITE there may be some partial data in the output buffer, however this is not yet sent.
If the requested length is greater than the maximum fragment length (either the built-in limit or the one set or negotiated with the peer), then:
  • with TLS, less bytes than requested are written.
  • with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. mbedtls_ssl_get_max_out_record_payload() may be used to query the active maximum fragment length.
Attempting to write 0 bytes will result in an empty TLS application record being sent.