blob: f11bcb3fb0c89bd4b019902182d39c0ef2ca9b11 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +00001/**
Bence Szépkútibb0cfeb2021-05-28 09:42:25 +02002 * \file mbedtls_config.h
Paul Bakker5121ce52009-01-03 21:22:43 +00003 *
Paul Bakker37ca75d2011-01-06 12:28:03 +00004 * \brief Configuration options (set of defines)
5 *
Simon Butcher5b331b92016-01-03 16:14:14 +00006 * This set of compile-time options may be used to enable
7 * or disable features selectively, and reduce the global
8 * memory footprint.
Darryl Greena40a1012018-01-05 15:33:17 +00009 */
10/*
Bence Szépkúti1e148272020-08-07 13:07:28 +020011 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +000012 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Manuel Pégourié-Gonnarde2b0efe2015-08-11 10:38:37 +020013 */
14
Bence Szépkúti2bb74562021-06-21 16:19:00 +020015/**
Tom Cosgrove1e211442022-05-26 11:51:00 +010016 * This is an optional version symbol that enables compatibility handling of
Bence Szépkúti2bb74562021-06-21 16:19:00 +020017 * config files.
18 *
Bence Szépkúti1b2a8832021-06-28 10:26:11 +010019 * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that
Bence Szépkúti2bb74562021-06-21 16:19:00 +020020 * introduced the config format we want to be compatible with.
21 */
Bence Szépkúti1cafe5c2021-06-22 09:30:08 +020022//#define MBEDTLS_CONFIG_VERSION 0x03000000
Bence Szépkútiba7248a2021-05-31 16:53:56 +020023
Paul Bakkerf3b86c12011-01-27 15:24:17 +000024/**
Minos Galanakisacd560f2024-12-12 15:30:05 +000025 * \name SECTION: Platform abstraction layer
26 *
27 * This section sets platform specific settings.
28 * \{
29 */
30
Minos Galanakisacd560f2024-12-12 15:30:05 +000031/**
Minos Galanakis80e76b62024-12-12 15:46:29 +000032 * \def MBEDTLS_NET_C
Minos Galanakisacd560f2024-12-12 15:30:05 +000033 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000034 * Enable the TCP and UDP over IPv6/IPv4 networking routines.
Minos Galanakisacd560f2024-12-12 15:30:05 +000035 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000036 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
37 * and Windows. For other platforms, you'll want to disable it, and write your
38 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
Minos Galanakisacd560f2024-12-12 15:30:05 +000039 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000040 * \note See also our Knowledge Base article about porting to a new
41 * environment:
42 * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
Paul Bakker0a62cd12011-01-21 11:00:08 +000043 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000044 * Module: library/net_sockets.c
45 *
46 * This module provides networking routines.
Paul Bakker0a62cd12011-01-21 11:00:08 +000047 */
Minos Galanakis80e76b62024-12-12 15:46:29 +000048#define MBEDTLS_NET_C
Paul Bakker5121ce52009-01-03 21:22:43 +000049
Paul Bakkerf3b86c12011-01-27 15:24:17 +000050/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020051 * \def MBEDTLS_TIMING_ALT
Paul Bakkerf2561b32014-02-06 15:11:55 +010052 *
TRodziewiczd8540832021-06-10 15:16:50 +020053 * Uncomment to provide your own alternate implementation for
Manuel Pégourié-Gonnarda63bc942015-05-14 18:22:47 +020054 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
Paul Bakkerf2561b32014-02-06 15:11:55 +010055 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020056 * Only works if you have MBEDTLS_TIMING_C enabled.
Paul Bakkerf2561b32014-02-06 15:11:55 +010057 *
58 * You will need to provide a header "timing_alt.h" and an implementation at
59 * compile time.
60 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020061//#define MBEDTLS_TIMING_ALT
Paul Bakkerf2561b32014-02-06 15:11:55 +010062
Paul Bakker90995b52013-06-24 19:20:35 +020063/**
Minos Galanakis80e76b62024-12-12 15:46:29 +000064 * \def MBEDTLS_TIMING_C
Paul Bakkerd4a56ec2013-04-16 18:05:29 +020065 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000066 * Enable the semi-portable timing interface.
Paul Bakkerd4a56ec2013-04-16 18:05:29 +020067 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000068 * \note The provided implementation only works on POSIX/Unix (including Linux,
69 * BSD and OS X) and Windows. On other platforms, you can either disable that
70 * module and provide your own implementations of the callbacks needed by
71 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
72 * your own implementation of the whole module by setting
73 * \c MBEDTLS_TIMING_ALT in the current file.
74 *
75 * \note The timing module will include time.h on suitable platforms
76 * regardless of the setting of MBEDTLS_HAVE_TIME, unless
77 * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
78 *
79 * \note See also our Knowledge Base article about porting to a new
80 * environment:
81 * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
82 *
83 * Module: library/timing.c
Paul Bakkerd4a56ec2013-04-16 18:05:29 +020084 */
Minos Galanakis80e76b62024-12-12 15:46:29 +000085#define MBEDTLS_TIMING_C
86
87/** \} name SECTION: Platform abstraction layer */
88
89/**
90 * \name SECTION: General configuration options
91 *
Minos Galanakis1bf85a82024-12-12 16:29:38 +000092 * This section contains Mbed TLS build settings that are not associated
93 * with a particular module.
Minos Galanakis80e76b62024-12-12 15:46:29 +000094 * \{
95 */
96
97/**
98 * \def MBEDTLS_ERROR_C
99 *
100 * Enable error code to error string conversion.
101 *
102 * Module: library/error.c
103 * Caller:
104 *
105 * This module enables mbedtls_strerror().
106 */
107#define MBEDTLS_ERROR_C
108
109/**
110 * \def MBEDTLS_ERROR_STRERROR_DUMMY
111 *
112 * Enable a dummy error function to make use of mbedtls_strerror() in
113 * third party libraries easier when MBEDTLS_ERROR_C is disabled
114 * (no effect when MBEDTLS_ERROR_C is enabled).
115 *
116 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
117 * not using mbedtls_strerror() or error_strerror() in your application.
118 *
119 * Disable if you run into name conflicts and want to really remove the
120 * mbedtls_strerror()
121 */
122#define MBEDTLS_ERROR_STRERROR_DUMMY
123
124/**
125 * \def MBEDTLS_VERSION_C
126 *
127 * Enable run-time version information.
128 *
129 * Module: library/version.c
130 *
131 * This module provides run-time version information.
132 */
133#define MBEDTLS_VERSION_C
134
135/**
136 * \def MBEDTLS_VERSION_FEATURES
137 *
138 * Allow run-time checking of compile-time enabled features. Thus allowing users
139 * to check at run-time if the library is for instance compiled with threading
140 * support via mbedtls_version_check_feature().
141 *
142 * Requires: MBEDTLS_VERSION_C
143 *
144 * Comment this to disable run-time checking and save ROM space
145 */
146#define MBEDTLS_VERSION_FEATURES
147
148/**
149 * \def MBEDTLS_CONFIG_FILE
150 *
151 * If defined, this is a header which will be included instead of
152 * `"mbedtls/mbedtls_config.h"`.
153 * This header file specifies the compile-time configuration of Mbed TLS.
154 * Unlike other configuration options, this one must be defined on the
155 * compiler command line: a definition in `mbedtls_config.h` would have
156 * no effect.
157 *
158 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
159 * non-standard feature of the C language, so this feature is only available
160 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
161 *
162 * The value of this symbol is typically a path in double quotes, either
163 * absolute or relative to a directory on the include search path.
164 */
165//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
166
167/**
168 * \def MBEDTLS_USER_CONFIG_FILE
169 *
170 * If defined, this is a header which will be included after
171 * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE.
172 * This allows you to modify the default configuration, including the ability
173 * to undefine options that are enabled by default.
174 *
175 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
176 * non-standard feature of the C language, so this feature is only available
177 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
178 *
179 * The value of this symbol is typically a path in double quotes, either
180 * absolute or relative to a directory on the include search path.
181 */
182//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
183
184/** \} name SECTION: General configuration options */
185
186/**
187 * \name SECTION: TLS feature selection
188 *
Minos Galanakis1bf85a82024-12-12 16:29:38 +0000189 * This section sets support for features that are or are not needed
190 * within the modules that are enabled.
Minos Galanakis80e76b62024-12-12 15:46:29 +0000191 * \{
192 */
193
194/**
195 * \def MBEDTLS_DEBUG_C
196 *
197 * Enable the debug functions.
198 *
199 * Module: library/debug.c
200 * Caller: library/ssl_msg.c
201 * library/ssl_tls.c
202 * library/ssl_tls12_*.c
203 * library/ssl_tls13_*.c
204 *
205 * This module provides debugging functions.
206 */
207#define MBEDTLS_DEBUG_C
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200208
209/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000210 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
211 *
212 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
213 *
214 * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH
215 * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA
216 * MBEDTLS_X509_CRT_PARSE_C
217 *
218 * This enables the following ciphersuites (if other requisites are
219 * enabled as well):
220 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
221 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
222 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
223 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
224 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
225 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
226 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
227 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
228 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
229 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
230 */
231#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
232
233/**
234 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
235 *
236 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
237 *
238 * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH
239 *
240 * This enables the following ciphersuites (if other requisites are
241 * enabled as well):
242 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
243 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
244 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
245 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
246 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
247 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
248 */
249#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
250
251/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200252 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200253 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200254 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
Paul Bakkere07f41d2013-04-19 09:08:57 +0200255 *
Janos Follath277bba82024-11-19 16:14:00 +0000256 * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH
Manuel Pégourié-Gonnard4fa702a2023-03-29 12:15:24 +0200257 * MBEDTLS_RSA_C
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200258 * PSA_WANT_ALG_RSA_PKCS1V15_SIGN
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200259 * MBEDTLS_X509_CRT_PARSE_C
Paul Bakkere07f41d2013-04-19 09:08:57 +0200260 *
261 * This enables the following ciphersuites (if other requisites are
262 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200263 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
264 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
265 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
266 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
267 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
268 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
269 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
270 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
271 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
272 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
Paul Bakkere07f41d2013-04-19 09:08:57 +0200273 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200274#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200275
276/**
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200277 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
278 *
279 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
280 *
Manuel Pégourié-Gonnard75df9022015-09-16 23:21:01 +0200281 * \warning This is currently experimental. EC J-PAKE support is based on the
282 * Thread v1.0.0 specification; incompatible changes to the specification
283 * might still happen. For this reason, this is disabled by default.
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200284 *
Janos Follath277bba82024-11-19 16:14:00 +0000285 * Requires: MBEDTLS_ECJPAKE_C or PSA_WANT_ALG_JPAKE
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200286 * PSA_WANT_ALG_SHA_256
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200287 * MBEDTLS_ECP_DP_SECP256R1_ENABLED
288 *
289 * This enables the following ciphersuites (if other requisites are
290 * enabled as well):
291 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
292 */
Manuel Pégourié-Gonnardcf828932015-10-20 14:57:00 +0200293//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200294
295/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000296 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
Paul Bakker8fe40dc2013-02-02 12:43:08 +0100297 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000298 * Enable the PSK based ciphersuite modes in SSL / TLS.
Manuel Pégourié-Gonnarddc16aa72014-06-25 12:55:12 +0200299 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000300 * This enables the following ciphersuites (if other requisites are
301 * enabled as well):
302 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
303 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
304 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
305 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
306 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
307 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
308 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
309 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
310 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
311 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
Paul Bakker8fe40dc2013-02-02 12:43:08 +0100312 */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000313#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
314
315/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200316 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
Paul Bakker40865c82013-01-31 17:13:13 +0100317 *
318 * Enable sending of alert messages in case of encountered errors as per RFC.
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200319 * If you choose not to send the alert messages, Mbed TLS can still communicate
Paul Bakker40865c82013-01-31 17:13:13 +0100320 * with other servers, only debugging of failures is harder.
321 *
322 * The advantage of not sending alert messages, is that no information is given
323 * about reasons for failures thus preventing adversaries of gaining intel.
324 *
325 * Enable sending of all alert messages
326 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200327#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
Paul Bakker40865c82013-01-31 17:13:13 +0100328
329/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000330 * \def MBEDTLS_SSL_ALPN
Gilles Peskined3d02902020-03-04 21:35:27 +0100331 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000332 * Enable support for RFC 7301 Application Layer Protocol Negotiation.
Gilles Peskined3d02902020-03-04 21:35:27 +0100333 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000334 * Comment this macro to disable support for ALPN.
Gilles Peskined3d02902020-03-04 21:35:27 +0100335 */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000336#define MBEDTLS_SSL_ALPN
Gilles Peskined3d02902020-03-04 21:35:27 +0100337
338/**
Gilles Peskineb74a1c72018-04-24 13:09:22 +0200339 * \def MBEDTLS_SSL_ASYNC_PRIVATE
340 *
341 * Enable asynchronous external private key operations in SSL. This allows
342 * you to configure an SSL connection to call an external cryptographic
343 * module to perform private key operations instead of performing the
344 * operation inside the library.
345 *
Valerio Setti8841d6b2023-01-05 08:40:24 +0100346 * Requires: MBEDTLS_X509_CRT_PARSE_C
Gilles Peskineb74a1c72018-04-24 13:09:22 +0200347 */
Jaeden Amerod9c71da2018-06-15 20:31:26 +0100348//#define MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskineb74a1c72018-04-24 13:09:22 +0200349
350/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000351 * \def MBEDTLS_SSL_CACHE_C
352 *
353 * Enable simple SSL cache implementation.
354 *
355 * Module: library/ssl_cache.c
356 * Caller:
357 *
358 * Requires: MBEDTLS_SSL_CACHE_C
359 */
360#define MBEDTLS_SSL_CACHE_C
361
362/**
363 * \def MBEDTLS_SSL_CLI_C
364 *
365 * Enable the SSL/TLS client code.
366 *
367 * Module: library/ssl*_client.c
368 * Caller:
369 *
370 * Requires: MBEDTLS_SSL_TLS_C
371 *
372 * \warning You must call psa_crypto_init() before doing any TLS operations.
373 *
374 * This module is required for SSL/TLS client support.
375 */
376#define MBEDTLS_SSL_CLI_C
377
378/**
Gilles Peskined3d02902020-03-04 21:35:27 +0100379 * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
380 *
381 * Enable serialization of the TLS context structures, through use of the
382 * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
383 *
384 * This pair of functions allows one side of a connection to serialize the
385 * context associated with the connection, then free or re-use that context
386 * while the serialized state is persisted elsewhere, and finally deserialize
387 * that state to a live context for resuming read/write operations on the
388 * connection. From a protocol perspective, the state of the connection is
389 * unaffected, in particular this is entirely transparent to the peer.
390 *
391 * Note: this is distinct from TLS session resumption, which is part of the
392 * protocol and fully visible by the peer. TLS session resumption enables
393 * establishing new connections associated to a saved session with shorter,
394 * lighter handshakes, while context serialization is a local optimization in
395 * handling a single, potentially long-lived connection.
396 *
397 * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
398 * saved after the handshake to allow for more efficient serialization, so if
399 * you don't need this feature you'll save RAM by disabling it.
400 *
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200401 * Requires: PSA_WANT_ALG_GCM or PSA_WANT_ALG_CCM or PSA_WANT_ALG_CHACHA20_POLY1305
Przemek Stekiel460192e2022-10-03 08:55:29 +0200402 *
Gilles Peskined3d02902020-03-04 21:35:27 +0100403 * Comment to disable the context serialization APIs.
404 */
405#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
406
407/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000408 * \def MBEDTLS_SSL_COOKIE_C
409 *
410 * Enable basic implementation of DTLS cookies for hello verification.
411 *
412 * Module: library/ssl_cookie.c
413 * Caller:
414 */
415#define MBEDTLS_SSL_COOKIE_C
416
417/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200418 * \def MBEDTLS_SSL_DEBUG_ALL
Paul Bakkerd66f0702013-01-31 16:57:45 +0100419 *
420 * Enable the debug messages in SSL module for all issues.
421 * Debug messages have been disabled in some places to prevent timing
422 * attacks due to (unbalanced) debugging function calls.
423 *
424 * If you need all error reporting you should enable this during debugging,
425 * but remove this for production servers that should log as well.
426 *
427 * Uncomment this macro to report all debug messages on errors introducing
428 * a timing side-channel.
429 *
Paul Bakkerd66f0702013-01-31 16:57:45 +0100430 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200431//#define MBEDTLS_SSL_DEBUG_ALL
Paul Bakkerd66f0702013-01-31 16:57:45 +0100432
Minos Galanakis80e76b62024-12-12 15:46:29 +0000433/**
434 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
435 *
436 * Enable support for the anti-replay mechanism in DTLS.
437 *
438 * Requires: MBEDTLS_SSL_TLS_C
439 * MBEDTLS_SSL_PROTO_DTLS
440 *
441 * \warning Disabling this is often a security risk!
442 * See mbedtls_ssl_conf_dtls_anti_replay() for details.
443 *
444 * Comment this to disable anti-replay in DTLS.
445 */
446#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
447
448/**
449 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
450 *
451 * Enable server-side support for clients that reconnect from the same port.
452 *
453 * Some clients unexpectedly close the connection and try to reconnect using the
454 * same source port. This needs special support from the server to handle the
455 * new connection securely, as described in section 4.2.8 of RFC 6347. This
456 * flag enables that support.
457 *
458 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
459 *
460 * Comment this to disable support for clients reusing the source port.
461 */
462#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
463
464/**
465 * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
466 *
467 * Enable support for the DTLS Connection ID (CID) extension,
468 * which allows to identify DTLS connections across changes
469 * in the underlying transport. The CID functionality is described
470 * in RFC 9146.
471 *
472 * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
473 * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and
474 * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
475 * more information.
476 *
477 * The maximum lengths of outgoing and incoming CIDs can be configured
478 * through the options
479 * - MBEDTLS_SSL_CID_OUT_LEN_MAX
480 * - MBEDTLS_SSL_CID_IN_LEN_MAX.
481 *
482 * Requires: MBEDTLS_SSL_PROTO_DTLS
483 *
484 * Uncomment to enable the Connection ID extension.
485 */
486#define MBEDTLS_SSL_DTLS_CONNECTION_ID
487
488/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000489 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
490 *
491 * Enable support for HelloVerifyRequest on DTLS servers.
492 *
493 * This feature is highly recommended to prevent DTLS servers being used as
494 * amplifiers in DoS attacks against other hosts. It should always be enabled
495 * unless you know for sure amplification cannot be a problem in the
496 * environment in which your server operates.
497 *
498 * \warning Disabling this can be a security risk! (see above)
499 *
500 * Requires: MBEDTLS_SSL_PROTO_DTLS
501 *
502 * Comment this to disable support for HelloVerifyRequest.
503 */
504#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
505
506/**
507 * \def MBEDTLS_SSL_DTLS_SRTP
508 *
509 * Enable support for negotiation of DTLS-SRTP (RFC 5764)
510 * through the use_srtp extension.
511 *
512 * \note This feature provides the minimum functionality required
513 * to negotiate the use of DTLS-SRTP and to allow the derivation of
514 * the associated SRTP packet protection key material.
515 * In particular, the SRTP packet protection itself, as well as the
516 * demultiplexing of RTP and DTLS packets at the datagram layer
517 * (see Section 5 of RFC 5764), are not handled by this feature.
518 * Instead, after successful completion of a handshake negotiating
519 * the use of DTLS-SRTP, the extended key exporter API
520 * mbedtls_ssl_conf_export_keys_cb() should be used to implement
521 * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
522 * (this is implemented in the SSL example programs).
523 * The resulting key should then be passed to an SRTP stack.
524 *
525 * Setting this option enables the runtime API
526 * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
527 * through which the supported DTLS-SRTP protection
528 * profiles can be configured. You must call this API at
529 * runtime if you wish to negotiate the use of DTLS-SRTP.
530 *
531 * Requires: MBEDTLS_SSL_PROTO_DTLS
532 *
533 * Uncomment this to enable support for use_srtp extension.
534 */
535//#define MBEDTLS_SSL_DTLS_SRTP
536
537/**
538 * \def MBEDTLS_SSL_EARLY_DATA
539 *
540 * Enable support for RFC 8446 TLS 1.3 early data.
541 *
542 * Requires: MBEDTLS_SSL_SESSION_TICKETS and either
543 * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
544 * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
545 *
546 * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
547 * is not enabled, this option does not have any effect on the build.
548 *
549 * \note The maximum amount of early data can be set with
550 * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.
551 *
552 */
553//#define MBEDTLS_SSL_EARLY_DATA
554
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200555/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100556 *
557 * Enable support for Encrypt-then-MAC, RFC 7366.
558 *
559 * This allows peers that both support it to use a more robust protection for
560 * ciphersuites using CBC, providing deep resistance against timing attacks
561 * on the padding or underlying cipher.
562 *
563 * This only affects CBC ciphersuites, and is useless if none is defined.
564 *
TRodziewicz0f82ec62021-05-12 17:49:18 +0200565 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100566 *
567 * Comment this macro to disable support for Encrypt-then-MAC
568 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200569#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100570
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200571/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200572 *
Manuel Pégourié-Gonnardbca8aa02020-03-24 12:11:49 +0100573 * Enable support for RFC 7627: Session Hash and Extended Master Secret
574 * Extension.
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200575 *
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800576 * This was introduced as "the proper fix" to the Triple Handshake family of
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200577 * attacks, but it is recommended to always use it (even if you disable
578 * renegotiation), since it actually fixes a more fundamental issue in the
579 * original SSL/TLS design, and has implications beyond Triple Handshake.
580 *
TRodziewicz0f82ec62021-05-12 17:49:18 +0200581 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard769c6b62014-10-28 14:13:55 +0100582 *
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200583 * Comment this macro to disable support for Extended Master Secret.
584 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200585#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200586
Paul Bakkerd66f0702013-01-31 16:57:45 +0100587/**
Hanno Beckerbb278f52019-02-05 17:04:00 +0000588 * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
589 *
Hanno Beckerfd7f2982019-02-25 10:13:33 +0000590 * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
Hanno Beckerbb278f52019-02-05 17:04:00 +0000591 * giving access to the peer's certificate after completion of the handshake.
592 *
593 * Unless you need mbedtls_ssl_peer_cert() in your application, it is
594 * recommended to disable this option for reduced RAM usage.
595 *
596 * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
597 * defined, but always returns \c NULL.
598 *
599 * \note This option has no influence on the protection against the
600 * triple handshake attack. Even if it is disabled, Mbed TLS will
601 * still ensure that certificates do not change during renegotiation,
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800602 * for example by keeping a hash of the peer's certificate.
Hanno Beckerbb278f52019-02-05 17:04:00 +0000603 *
Tom Cosgroveafb2fe12022-06-29 16:36:12 +0100604 * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set.
Hanno Beckerbb278f52019-02-05 17:04:00 +0000605 *
606 * Comment this macro to disable storing the peer's certificate
607 * after the handshake.
608 */
609#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
610
611/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200612 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Paul Bakker05decb22013-08-15 13:33:48 +0200613 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200614 * Enable support for RFC 6066 max_fragment_length extension in SSL.
Paul Bakker05decb22013-08-15 13:33:48 +0200615 *
616 * Comment this macro to disable support for the max_fragment_length extension
617 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200618#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Paul Bakker05decb22013-08-15 13:33:48 +0200619
620/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000621 * \def MBEDTLS_SSL_PROTO_DTLS
Jan Bruckner151f6422023-02-10 12:45:19 +0100622 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000623 * Enable support for DTLS (all available versions).
Jan Bruckner151f6422023-02-10 12:45:19 +0100624 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000625 * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
Jan Bruckner151f6422023-02-10 12:45:19 +0100626 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000627 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
628 *
629 * Comment this macro to disable support for DTLS
Jan Bruckner151f6422023-02-10 12:45:19 +0100630 */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000631#define MBEDTLS_SSL_PROTO_DTLS
Jan Bruckner151f6422023-02-10 12:45:19 +0100632
633/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200634 * \def MBEDTLS_SSL_PROTO_TLS1_2
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200635 *
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +0100636 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200637 *
Janos Follath277bba82024-11-19 16:14:00 +0000638 * Requires: PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384
Andrzej Kureke02da812022-08-17 17:04:49 -0400639 *
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +0100640 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200641 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200642#define MBEDTLS_SSL_PROTO_TLS1_2
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200643
644/**
Ronald Cron6f135e12021-12-08 16:57:54 +0100645 * \def MBEDTLS_SSL_PROTO_TLS1_3
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100646 *
Ronald Cron6f135e12021-12-08 16:57:54 +0100647 * Enable support for TLS 1.3.
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100648 *
Gilles Peskineda69eaa2023-09-05 20:54:17 +0200649 * \note See docs/architecture/tls13-support.md for a description of the TLS
Ronald Cron6f135e12021-12-08 16:57:54 +0100650 * 1.3 support that this option enables.
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100651 *
Tom Cosgroveafb2fe12022-06-29 16:36:12 +0100652 * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
Manuel Pégourié-Gonnard3e830982022-05-11 13:27:44 +0200653 * Requires: MBEDTLS_PSA_CRYPTO_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100654 *
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100655 * Uncomment this macro to enable the support for TLS 1.3.
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100656 */
Ronald Cron27eb68d2024-03-15 16:13:37 +0100657#define MBEDTLS_SSL_PROTO_TLS1_3
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100658
659/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000660 * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT
661 *
662 * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
663 *
664 * Requires: MBEDTLS_SSL_PROTO_TLS1_3
665 *
666 * Uncomment this macro to enable support for the record_size_limit extension
667 */
668//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
669
Max Fillinger7577c9e2025-01-17 14:10:08 +0100670/**
Max Fillinger2fe35f62024-10-25 00:52:24 +0200671 * \def MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
672 *
673 * When this option is enabled, the client and server can extract additional
674 * shared symmetric keys after an SSL handshake using the function
675 * mbedtls_ssl_export_keying_material().
676 *
677 * The process for deriving the keys is specified in RFC 5705 for TLS 1.2 and
678 * in RFC 8446, Section 7.5, for TLS 1.3.
679 *
Max Fillinger51bec542024-10-28 13:14:39 +0100680 * Comment this macro to disable mbedtls_ssl_export_keying_material().
Max Fillinger2fe35f62024-10-25 00:52:24 +0200681 */
Max Fillinger51bec542024-10-28 13:14:39 +0100682#define MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
Max Fillinger2fe35f62024-10-25 00:52:24 +0200683
Minos Galanakis80e76b62024-12-12 15:46:29 +0000684/**
685 * \def MBEDTLS_SSL_RENEGOTIATION
686 *
687 * Enable support for TLS renegotiation.
688 *
689 * The two main uses of renegotiation are (1) refresh keys on long-lived
690 * connections and (2) client authentication after the initial handshake.
691 * If you don't need renegotiation, it's probably better to disable it, since
692 * it has been associated with security issues in the past and is easy to
693 * misuse/misunderstand.
694 *
695 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
696 *
697 * Comment this to disable support for renegotiation.
698 *
699 * \note Even if this option is disabled, both client and server are aware
700 * of the Renegotiation Indication Extension (RFC 5746) used to
701 * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
702 * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
703 * configuration of this extension).
704 *
705 */
706#define MBEDTLS_SSL_RENEGOTIATION
707
708/**
709 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
710 *
711 * Enable support for RFC 6066 server name indication (SNI) in SSL.
712 *
713 * Requires: MBEDTLS_X509_CRT_PARSE_C
714 *
715 * Comment this macro to disable support for server name indication in SSL
716 */
717#define MBEDTLS_SSL_SERVER_NAME_INDICATION
718
719/**
720 * \def MBEDTLS_SSL_SESSION_TICKETS
721 *
722 * Enable support for RFC 5077 session tickets in SSL.
723 * Client-side, provides full support for session tickets (maintenance of a
724 * session store remains the responsibility of the application, though).
725 * Server-side, you also need to provide callbacks for writing and parsing
726 * tickets, including authenticated encryption and key management. Example
727 * callbacks are provided by MBEDTLS_SSL_TICKET_C.
728 *
729 * Comment this macro to disable support for SSL session tickets
730 */
731#define MBEDTLS_SSL_SESSION_TICKETS
732
733/**
734 * \def MBEDTLS_SSL_SRV_C
735 *
736 * Enable the SSL/TLS server code.
737 *
738 * Module: library/ssl*_server.c
739 * Caller:
740 *
741 * Requires: MBEDTLS_SSL_TLS_C
742 *
743 * \warning You must call psa_crypto_init() before doing any TLS operations.
744 *
745 * This module is required for SSL/TLS server support.
746 */
747#define MBEDTLS_SSL_SRV_C
748
749/**
750 * \def MBEDTLS_SSL_TICKET_C
751 *
752 * Enable an implementation of TLS server-side callbacks for session tickets.
753 *
754 * Module: library/ssl_ticket.c
755 * Caller:
756 *
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200757 * Requires: PSA_WANT_ALG_GCM or PSA_WANT_ALG_CCM or PSA_WANT_ALG_CHACHA20_POLY1305
Minos Galanakis80e76b62024-12-12 15:46:29 +0000758 */
759#define MBEDTLS_SSL_TICKET_C
760
761/**
Ronald Cronab65c522021-11-24 10:47:20 +0100762 * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
763 *
764 * Enable TLS 1.3 middlebox compatibility mode.
765 *
766 * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
767 * mode to make a TLS 1.3 connection more likely to pass through middle boxes
768 * expecting TLS 1.2 traffic.
769 *
770 * Turning on the compatibility mode comes at the cost of a few added bytes
771 * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
772 * that don't use it. Therefore, unless transmission bandwidth is critical and
773 * you know that middlebox compatibility issues won't occur, it is therefore
774 * recommended to set this option.
775 *
776 * Comment to disable compatibility mode for TLS 1.3. If
Ronald Cron6f135e12021-12-08 16:57:54 +0100777 * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
778 * effect on the build.
Ronald Cronab65c522021-11-24 10:47:20 +0100779 *
780 */
Ronald Cron27eb68d2024-03-15 16:13:37 +0100781#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cronab65c522021-11-24 10:47:20 +0100782
783/**
Ronald Crond8d2ea52022-10-04 15:48:06 +0200784 * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
785 *
786 * Enable TLS 1.3 ephemeral key exchange mode.
787 *
Przemek Stekielce05f542023-06-15 16:44:08 +0200788 * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
Manuel Pégourié-Gonnard4fa702a2023-03-29 12:15:24 +0200789 * MBEDTLS_X509_CRT_PARSE_C
790 * and at least one of:
Janos Follath277bba82024-11-19 16:14:00 +0000791 * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200792 * PSA_WANT_ALG_RSA_PSS
Ronald Crond8d2ea52022-10-04 15:48:06 +0200793 *
794 * Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
795 * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
796 * effect on the build.
797 *
798 */
799#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
800
801/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000802 * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
803 *
804 * Enable TLS 1.3 PSK key exchange mode.
805 *
806 * Comment to disable support for the PSK key exchange mode in TLS 1.3. If
807 * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
808 * effect on the build.
809 *
810 */
811#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
812
813/**
Ronald Crond8d2ea52022-10-04 15:48:06 +0200814 * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
815 *
816 * Enable TLS 1.3 PSK ephemeral key exchange mode.
817 *
Przemek Stekielce05f542023-06-15 16:44:08 +0200818 * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
Ronald Crond8d2ea52022-10-04 15:48:06 +0200819 *
820 * Comment to disable support for the PSK ephemeral key exchange mode in
821 * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
822 * have any effect on the build.
823 *
824 */
825#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
826
827/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200828 * \def MBEDTLS_SSL_TLS_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000829 *
Paul Bakkere29ab062011-05-18 13:26:54 +0000830 * Enable the generic SSL/TLS code.
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000831 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000832 * Module: library/ssl_tls.c
Ronald Cronde1adee2022-03-07 16:20:30 +0100833 * Caller: library/ssl*_client.c
834 * library/ssl*_server.c
Paul Bakker5121ce52009-01-03 21:22:43 +0000835 *
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200836 * Requires: PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200837 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
Paul Bakker5690efc2011-05-26 13:16:06 +0000838 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000839 * This module is required for SSL/TLS.
840 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200841#define MBEDTLS_SSL_TLS_C
Paul Bakker5121ce52009-01-03 21:22:43 +0000842
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000843/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000844 * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000845 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000846 * When this option is enabled, the SSL buffer will be resized automatically
847 * based on the negotiated maximum fragment length in each direction.
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +0100848 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000849 * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Paul Bakkerecd54fb2013-07-03 14:48:29 +0200850 */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000851//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
Paul Bakker5121ce52009-01-03 21:22:43 +0000852
Minos Galanakis80e76b62024-12-12 15:46:29 +0000853//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200854//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000855//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
Angus Grattond8213d02016-05-25 20:56:48 +1000856
Gilles Peskined3d02902020-03-04 21:35:27 +0100857/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
858 *
859 * The maximum length of CIDs used for incoming DTLS messages.
860 *
861 */
862//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
863
864/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
865 *
866 * The maximum length of CIDs used for outgoing DTLS messages.
867 *
868 */
869//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
870
TRodziewicze8dd7092021-05-12 14:19:11 +0200871/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
Gilles Peskined3d02902020-03-04 21:35:27 +0100872 *
873 * This option controls the use of record plaintext padding
TRodziewicz1e660ed2021-05-26 17:08:54 +0200874 * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
Hanno Becker13996922020-05-28 16:15:19 +0100875 *
876 * The padding will always be chosen so that the length of the
877 * padded plaintext is a multiple of the value of this option.
878 *
879 * Note: A value of \c 1 means that no padding will be used
880 * for outgoing records.
881 *
882 * Note: On systems lacking division instructions,
883 * a power of two should be preferred.
884 */
TRodziewicze8dd7092021-05-12 14:19:11 +0200885//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
Hanno Becker13996922020-05-28 16:15:19 +0100886
Minos Galanakis80e76b62024-12-12 15:46:29 +0000887/**
888 * Complete list of ciphersuites to use, in order of preference.
889 *
890 * \warning No dependency checking is done on that field! This option can only
891 * be used to restrict the set of available ciphersuites. It is your
892 * responsibility to make sure the needed modules are active.
893 *
894 * Use this to save a few hundred bytes of ROM (default ordering of all
895 * available ciphersuites) and a few to a few hundred bytes of RAM.
896 *
897 * The value below is only an example, not the default.
898 */
899//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
900
901//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
902
903/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
904 *
905 * Maximum number of heap-allocated bytes for the purpose of
906 * DTLS handshake message reassembly and future message buffering.
907 *
908 * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
909 * to account for a reassembled handshake message of maximum size,
910 * together with its reassembly bitmap.
911 *
912 * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
913 * should be sufficient for all practical situations as it allows
914 * to reassembly a large handshake message (such as a certificate)
915 * while buffering multiple smaller handshake messages.
916 *
917 */
918//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
919
920/** \def MBEDTLS_SSL_IN_CONTENT_LEN
921 *
922 * Maximum length (in bytes) of incoming plaintext fragments.
923 *
924 * This determines the size of the incoming TLS I/O buffer in such a way
925 * that it is capable of holding the specified amount of plaintext data,
926 * regardless of the protection mechanism used.
927 *
928 * \note When using a value less than the default of 16KB on the client, it is
929 * recommended to use the Maximum Fragment Length (MFL) extension to
930 * inform the server about this limitation. On the server, there
931 * is no supported, standardized way of informing the client about
932 * restriction on the maximum size of incoming messages, and unless
933 * the limitation has been communicated by other means, it is recommended
934 * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
935 * while keeping the default value of 16KB for the incoming buffer.
936 *
937 * Uncomment to set the maximum plaintext size of the incoming I/O buffer.
938 */
939//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
940
941/**
942 * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
943 *
944 * The default maximum amount of 0-RTT data. See the documentation of
945 * \c mbedtls_ssl_conf_max_early_data_size() for more information.
946 *
947 * It must be positive and smaller than UINT32_MAX.
948 *
949 * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
950 * have any impact on the build.
951 */
952//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
953
Angus Grattond8213d02016-05-25 20:56:48 +1000954/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
955 *
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500956 * Maximum length (in bytes) of outgoing plaintext fragments.
Angus Grattond8213d02016-05-25 20:56:48 +1000957 *
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500958 * This determines the size of the outgoing TLS I/O buffer in such a way
959 * that it is capable of holding the specified amount of plaintext data,
960 * regardless of the protection mechanism used.
961 *
Angus Grattond8213d02016-05-25 20:56:48 +1000962 * It is possible to save RAM by setting a smaller outward buffer, while keeping
963 * the default inward 16384 byte buffer to conform to the TLS specification.
964 *
965 * The minimum required outward buffer size is determined by the handshake
966 * protocol's usage. Handshaking will fail if the outward buffer is too small.
967 * The specific size requirement depends on the configured ciphers and any
968 * certificate data which is sent during the handshake.
969 *
David Horstmann95d516f2021-05-04 18:36:56 +0100970 * Uncomment to set the maximum plaintext size of the outgoing I/O buffer.
Angus Grattond8213d02016-05-25 20:56:48 +1000971 */
972//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
973
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200974/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000975 * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200976 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000977 * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
978 * after handshake completion. This is not used in TLS 1.2 and relevant only if
979 * the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200980 *
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200981 */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000982//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
Tom Cosgrovea63775b2023-09-14 13:31:19 +0100983
984/**
Gilles Peskinea8d7e432022-08-04 23:39:41 +0200985 * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
986 *
Jerry Yucf913512023-11-14 11:06:52 +0800987 * Maximum allowed ticket age difference in milliseconds tolerated between
Jerry Yu034a8b72023-11-10 12:20:19 +0800988 * server and client. Default value is 6000. This is not used in TLS 1.2.
Gilles Peskinea8d7e432022-08-04 23:39:41 +0200989 *
Jerry Yu034a8b72023-11-10 12:20:19 +0800990 * - The client ticket age is the time difference between the time when the
991 * client proposes to the server to use the ticket and the time the client
992 * received the ticket from the server.
993 * - The server ticket age is the time difference between the time when the
994 * server receives a proposition from the client to use the ticket and the
995 * time when the ticket was created by the server.
996 *
Jerry Yucf913512023-11-14 11:06:52 +0800997 * The ages might be different due to the client and server clocks not running
998 * at the same pace. The typical accuracy of an RTC crystal is ±100 to ±20 parts
999 * per million (360 to 72 milliseconds per hour). Default tolerance window is
1000 * 6s, thus in the worst case clients and servers must sync up their system time
1001 * every 6000/360/2~=8 hours.
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001002 *
Jerry Yu04fceb72023-11-15 09:52:46 +08001003 * See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information.
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001004 */
Gilles Peskined65ea422023-09-05 21:07:32 +02001005//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001006
Minos Galanakis1bf85a82024-12-12 16:29:38 +00001007/**
1008 * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
1009 *
1010 * Size in bytes of a ticket nonce. This is not used in TLS 1.2.
1011 *
1012 * This must be less than 256.
1013 */
1014//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
1015
Minos Galanakis80e76b62024-12-12 15:46:29 +00001016/** \} name SECTION: TLS feature selection */
1017
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001018/**
Minos Galanakis80e76b62024-12-12 15:46:29 +00001019 * \name SECTION: X.509 feature selection
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001020 *
Minos Galanakis80e76b62024-12-12 15:46:29 +00001021 * This section sets Certificate related options.
1022 * \{
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001023 */
Minos Galanakis80e76b62024-12-12 15:46:29 +00001024
1025/**
1026 * \def MBEDTLS_PKCS7_C
1027 *
1028 * Enable PKCS #7 core for using PKCS #7-formatted signatures.
1029 * RFC Link - https://tools.ietf.org/html/rfc2315
1030 *
1031 * Module: library/pkcs7.c
1032 *
Gilles Peskine02ec5852025-05-12 20:52:07 +02001033 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C,
Minos Galanakis80e76b62024-12-12 15:46:29 +00001034 * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
1035 * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
1036 *
1037 * This module is required for the PKCS #7 parsing modules.
1038 */
1039#define MBEDTLS_PKCS7_C
1040
1041/**
1042 * \def MBEDTLS_X509_CREATE_C
1043 *
1044 * Enable X.509 core for creating certificates.
1045 *
1046 * Module: library/x509_create.c
1047 *
Gilles Peskine02ec5852025-05-12 20:52:07 +02001048 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C,
Minos Galanakis80e76b62024-12-12 15:46:29 +00001049 *
1050 * \warning You must call psa_crypto_init() before doing any X.509 operation.
1051 *
1052 * This module is the basis for creating X.509 certificates and CSRs.
1053 */
1054#define MBEDTLS_X509_CREATE_C
1055
1056/**
1057 * \def MBEDTLS_X509_CRL_PARSE_C
1058 *
1059 * Enable X.509 CRL parsing.
1060 *
1061 * Module: library/x509_crl.c
1062 * Caller: library/x509_crt.c
1063 *
1064 * Requires: MBEDTLS_X509_USE_C
1065 *
1066 * This module is required for X.509 CRL parsing.
1067 */
1068#define MBEDTLS_X509_CRL_PARSE_C
1069
1070/**
1071 * \def MBEDTLS_X509_CRT_PARSE_C
1072 *
1073 * Enable X.509 certificate parsing.
1074 *
1075 * Module: library/x509_crt.c
1076 * Caller: library/ssl_tls.c
1077 * library/ssl*_client.c
1078 * library/ssl*_server.c
1079 *
1080 * Requires: MBEDTLS_X509_USE_C
1081 *
1082 * This module is required for X.509 certificate parsing.
1083 */
1084#define MBEDTLS_X509_CRT_PARSE_C
1085
1086/**
1087 * \def MBEDTLS_X509_CRT_WRITE_C
1088 *
1089 * Enable creating X.509 certificates.
1090 *
1091 * Module: library/x509_crt_write.c
1092 *
1093 * Requires: MBEDTLS_X509_CREATE_C
1094 *
1095 * This module is required for X.509 certificate creation.
1096 */
1097#define MBEDTLS_X509_CRT_WRITE_C
1098
1099/**
1100 * \def MBEDTLS_X509_CSR_PARSE_C
1101 *
1102 * Enable X.509 Certificate Signing Request (CSR) parsing.
1103 *
1104 * Module: library/x509_csr.c
1105 * Caller: library/x509_crt_write.c
1106 *
1107 * Requires: MBEDTLS_X509_USE_C
1108 *
1109 * This module is used for reading X.509 certificate request.
1110 */
1111#define MBEDTLS_X509_CSR_PARSE_C
1112
1113/**
1114 * \def MBEDTLS_X509_CSR_WRITE_C
1115 *
1116 * Enable creating X.509 Certificate Signing Requests (CSR).
1117 *
1118 * Module: library/x509_csr_write.c
1119 *
1120 * Requires: MBEDTLS_X509_CREATE_C
1121 *
1122 * This module is required for X.509 certificate request writing.
1123 */
1124#define MBEDTLS_X509_CSR_WRITE_C
1125
1126/**
1127 * \def MBEDTLS_X509_REMOVE_INFO
1128 *
1129 * Disable mbedtls_x509_*_info() and related APIs.
1130 *
1131 * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt()
1132 * and other functions/constants only used by these functions, thus reducing
1133 * the code footprint by several KB.
1134 */
1135//#define MBEDTLS_X509_REMOVE_INFO
1136
1137/**
1138 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
1139 *
1140 * Enable parsing and verification of X.509 certificates, CRLs and CSRS
1141 * signed with RSASSA-PSS (aka PKCS#1 v2.1).
1142 *
Ronald Cron5eb9aba2025-07-22 10:58:44 +02001143 * Requires: PSA_WANT_ALG_RSA_PSS
Minos Galanakis80e76b62024-12-12 15:46:29 +00001144 *
1145 * Comment this macro to disallow using RSASSA-PSS in certificates.
1146 */
1147#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
1148
1149/**
1150 * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
1151 *
1152 * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
1153 * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
1154 * the set of trusted certificates through a callback instead of a linked
1155 * list.
1156 *
1157 * This is useful for example in environments where a large number of trusted
1158 * certificates is present and storing them in a linked list isn't efficient
1159 * enough, or when the set of trusted certificates changes frequently.
1160 *
1161 * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
1162 * `mbedtls_ssl_conf_ca_cb()` for more information.
1163 *
1164 * Requires: MBEDTLS_X509_CRT_PARSE_C
1165 *
1166 * Uncomment to enable trusted certificate callbacks.
1167 */
1168//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
1169
1170/**
1171 * \def MBEDTLS_X509_USE_C
1172 *
1173 * Enable X.509 core for using certificates.
1174 *
1175 * Module: library/x509.c
1176 * Caller: library/x509_crl.c
1177 * library/x509_crt.c
1178 * library/x509_csr.c
1179 *
Gilles Peskine02ec5852025-05-12 20:52:07 +02001180 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C
Minos Galanakis80e76b62024-12-12 15:46:29 +00001181 *
1182 * \warning You must call psa_crypto_init() before doing any X.509 operation.
1183 *
1184 * This module is required for the X.509 parsing modules.
1185 */
1186#define MBEDTLS_X509_USE_C
1187
1188//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
1189//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
1190
1191/** \} name SECTION: X.509 feature selection */