blob: e79911428a0e9fd0a0a1a3d8a6cc12c3dbfddc06 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +00001/**
Bence Szépkútibb0cfeb2021-05-28 09:42:25 +02002 * \file mbedtls_config.h
Paul Bakker5121ce52009-01-03 21:22:43 +00003 *
Paul Bakker37ca75d2011-01-06 12:28:03 +00004 * \brief Configuration options (set of defines)
5 *
Simon Butcher5b331b92016-01-03 16:14:14 +00006 * This set of compile-time options may be used to enable
7 * or disable features selectively, and reduce the global
8 * memory footprint.
Darryl Greena40a1012018-01-05 15:33:17 +00009 */
10/*
Bence Szépkúti1e148272020-08-07 13:07:28 +020011 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +000012 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Manuel Pégourié-Gonnarde2b0efe2015-08-11 10:38:37 +020013 */
14
Bence Szépkúti2bb74562021-06-21 16:19:00 +020015/**
Tom Cosgrove1e211442022-05-26 11:51:00 +010016 * This is an optional version symbol that enables compatibility handling of
Bence Szépkúti2bb74562021-06-21 16:19:00 +020017 * config files.
18 *
Bence Szépkúti1b2a8832021-06-28 10:26:11 +010019 * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that
Bence Szépkúti2bb74562021-06-21 16:19:00 +020020 * introduced the config format we want to be compatible with.
21 */
Bence Szépkúti1cafe5c2021-06-22 09:30:08 +020022//#define MBEDTLS_CONFIG_VERSION 0x03000000
Bence Szépkútiba7248a2021-05-31 16:53:56 +020023
Paul Bakkerf3b86c12011-01-27 15:24:17 +000024/**
Minos Galanakisacd560f2024-12-12 15:30:05 +000025 * \name SECTION: Platform abstraction layer
26 *
27 * This section sets platform specific settings.
28 * \{
29 */
30
Minos Galanakisacd560f2024-12-12 15:30:05 +000031/**
Minos Galanakis80e76b62024-12-12 15:46:29 +000032 * \def MBEDTLS_NET_C
Minos Galanakisacd560f2024-12-12 15:30:05 +000033 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000034 * Enable the TCP and UDP over IPv6/IPv4 networking routines.
Minos Galanakisacd560f2024-12-12 15:30:05 +000035 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000036 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
37 * and Windows. For other platforms, you'll want to disable it, and write your
38 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
Minos Galanakisacd560f2024-12-12 15:30:05 +000039 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000040 * \note See also our Knowledge Base article about porting to a new
41 * environment:
42 * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
Paul Bakker0a62cd12011-01-21 11:00:08 +000043 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000044 * Module: library/net_sockets.c
45 *
46 * This module provides networking routines.
Paul Bakker0a62cd12011-01-21 11:00:08 +000047 */
Minos Galanakis80e76b62024-12-12 15:46:29 +000048#define MBEDTLS_NET_C
Paul Bakker5121ce52009-01-03 21:22:43 +000049
Paul Bakkerf3b86c12011-01-27 15:24:17 +000050/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020051 * \def MBEDTLS_TIMING_ALT
Paul Bakkerf2561b32014-02-06 15:11:55 +010052 *
TRodziewiczd8540832021-06-10 15:16:50 +020053 * Uncomment to provide your own alternate implementation for
Manuel Pégourié-Gonnarda63bc942015-05-14 18:22:47 +020054 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
Paul Bakkerf2561b32014-02-06 15:11:55 +010055 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020056 * Only works if you have MBEDTLS_TIMING_C enabled.
Paul Bakkerf2561b32014-02-06 15:11:55 +010057 *
58 * You will need to provide a header "timing_alt.h" and an implementation at
59 * compile time.
60 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020061//#define MBEDTLS_TIMING_ALT
Paul Bakkerf2561b32014-02-06 15:11:55 +010062
Paul Bakker90995b52013-06-24 19:20:35 +020063/**
Minos Galanakis80e76b62024-12-12 15:46:29 +000064 * \def MBEDTLS_TIMING_C
Paul Bakkerd4a56ec2013-04-16 18:05:29 +020065 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000066 * Enable the semi-portable timing interface.
Paul Bakkerd4a56ec2013-04-16 18:05:29 +020067 *
Minos Galanakis80e76b62024-12-12 15:46:29 +000068 * \note The provided implementation only works on POSIX/Unix (including Linux,
69 * BSD and OS X) and Windows. On other platforms, you can either disable that
70 * module and provide your own implementations of the callbacks needed by
71 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
72 * your own implementation of the whole module by setting
73 * \c MBEDTLS_TIMING_ALT in the current file.
74 *
75 * \note The timing module will include time.h on suitable platforms
76 * regardless of the setting of MBEDTLS_HAVE_TIME, unless
77 * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
78 *
79 * \note See also our Knowledge Base article about porting to a new
80 * environment:
81 * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
82 *
83 * Module: library/timing.c
Paul Bakkerd4a56ec2013-04-16 18:05:29 +020084 */
Minos Galanakis80e76b62024-12-12 15:46:29 +000085#define MBEDTLS_TIMING_C
86
87/** \} name SECTION: Platform abstraction layer */
88
89/**
90 * \name SECTION: General configuration options
91 *
Minos Galanakis1bf85a82024-12-12 16:29:38 +000092 * This section contains Mbed TLS build settings that are not associated
93 * with a particular module.
Minos Galanakis80e76b62024-12-12 15:46:29 +000094 * \{
95 */
96
97/**
98 * \def MBEDTLS_ERROR_C
99 *
100 * Enable error code to error string conversion.
101 *
102 * Module: library/error.c
103 * Caller:
104 *
105 * This module enables mbedtls_strerror().
106 */
107#define MBEDTLS_ERROR_C
108
109/**
110 * \def MBEDTLS_ERROR_STRERROR_DUMMY
111 *
112 * Enable a dummy error function to make use of mbedtls_strerror() in
113 * third party libraries easier when MBEDTLS_ERROR_C is disabled
114 * (no effect when MBEDTLS_ERROR_C is enabled).
115 *
116 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
117 * not using mbedtls_strerror() or error_strerror() in your application.
118 *
119 * Disable if you run into name conflicts and want to really remove the
120 * mbedtls_strerror()
121 */
122#define MBEDTLS_ERROR_STRERROR_DUMMY
123
124/**
125 * \def MBEDTLS_VERSION_C
126 *
127 * Enable run-time version information.
128 *
129 * Module: library/version.c
130 *
131 * This module provides run-time version information.
132 */
133#define MBEDTLS_VERSION_C
134
135/**
136 * \def MBEDTLS_VERSION_FEATURES
137 *
138 * Allow run-time checking of compile-time enabled features. Thus allowing users
139 * to check at run-time if the library is for instance compiled with threading
140 * support via mbedtls_version_check_feature().
141 *
142 * Requires: MBEDTLS_VERSION_C
143 *
144 * Comment this to disable run-time checking and save ROM space
145 */
146#define MBEDTLS_VERSION_FEATURES
147
148/**
149 * \def MBEDTLS_CONFIG_FILE
150 *
151 * If defined, this is a header which will be included instead of
152 * `"mbedtls/mbedtls_config.h"`.
153 * This header file specifies the compile-time configuration of Mbed TLS.
154 * Unlike other configuration options, this one must be defined on the
155 * compiler command line: a definition in `mbedtls_config.h` would have
156 * no effect.
157 *
158 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
159 * non-standard feature of the C language, so this feature is only available
160 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
161 *
162 * The value of this symbol is typically a path in double quotes, either
163 * absolute or relative to a directory on the include search path.
164 */
165//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
166
167/**
168 * \def MBEDTLS_USER_CONFIG_FILE
169 *
170 * If defined, this is a header which will be included after
171 * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE.
172 * This allows you to modify the default configuration, including the ability
173 * to undefine options that are enabled by default.
174 *
175 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
176 * non-standard feature of the C language, so this feature is only available
177 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
178 *
179 * The value of this symbol is typically a path in double quotes, either
180 * absolute or relative to a directory on the include search path.
181 */
182//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
183
184/** \} name SECTION: General configuration options */
185
186/**
187 * \name SECTION: TLS feature selection
188 *
Minos Galanakis1bf85a82024-12-12 16:29:38 +0000189 * This section sets support for features that are or are not needed
190 * within the modules that are enabled.
Minos Galanakis80e76b62024-12-12 15:46:29 +0000191 * \{
192 */
193
194/**
Ronald Cron0dd31fe2025-09-10 09:37:46 +0200195 * \def MBEDTLS_SSL_NULL_CIPHERSUITES
196 *
197 * Enable ciphersuites without encryption.
198 *
199 * Warning: Only do so when you know what you are doing. This allows for
200 * channels without any encryption. All data are transmitted in clear.
201 *
202 * Uncomment this macro to enable the NULL ciphersuites
203 */
204//#define MBEDTLS_SSL_NULL_CIPHERSUITES
205
206/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000207 * \def MBEDTLS_DEBUG_C
208 *
209 * Enable the debug functions.
210 *
211 * Module: library/debug.c
212 * Caller: library/ssl_msg.c
213 * library/ssl_tls.c
214 * library/ssl_tls12_*.c
215 * library/ssl_tls13_*.c
216 *
217 * This module provides debugging functions.
218 */
219#define MBEDTLS_DEBUG_C
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200220
221/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000222 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
223 *
224 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
225 *
226 * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH
227 * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA
228 * MBEDTLS_X509_CRT_PARSE_C
229 *
230 * This enables the following ciphersuites (if other requisites are
231 * enabled as well):
232 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
233 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
234 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
235 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
236 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
237 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
238 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
239 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
240 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
241 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
242 */
243#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
244
245/**
246 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
247 *
248 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
249 *
250 * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH
251 *
252 * This enables the following ciphersuites (if other requisites are
253 * enabled as well):
254 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
255 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
256 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
257 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
258 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
259 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
260 */
261#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
262
263/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200264 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200265 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200266 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
Paul Bakkere07f41d2013-04-19 09:08:57 +0200267 *
Janos Follath277bba82024-11-19 16:14:00 +0000268 * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH
Manuel Pégourié-Gonnard4fa702a2023-03-29 12:15:24 +0200269 * MBEDTLS_RSA_C
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200270 * PSA_WANT_ALG_RSA_PKCS1V15_SIGN
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200271 * MBEDTLS_X509_CRT_PARSE_C
Paul Bakkere07f41d2013-04-19 09:08:57 +0200272 *
273 * This enables the following ciphersuites (if other requisites are
274 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200275 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
276 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
277 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
278 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
279 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
280 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
281 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
282 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
283 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
284 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
Paul Bakkere07f41d2013-04-19 09:08:57 +0200285 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200286#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200287
288/**
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200289 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
290 *
291 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
292 *
Manuel Pégourié-Gonnard75df9022015-09-16 23:21:01 +0200293 * \warning This is currently experimental. EC J-PAKE support is based on the
294 * Thread v1.0.0 specification; incompatible changes to the specification
295 * might still happen. For this reason, this is disabled by default.
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200296 *
Janos Follath277bba82024-11-19 16:14:00 +0000297 * Requires: MBEDTLS_ECJPAKE_C or PSA_WANT_ALG_JPAKE
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200298 * PSA_WANT_ALG_SHA_256
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200299 * MBEDTLS_ECP_DP_SECP256R1_ENABLED
300 *
301 * This enables the following ciphersuites (if other requisites are
302 * enabled as well):
303 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
304 */
Manuel Pégourié-Gonnardcf828932015-10-20 14:57:00 +0200305//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200306
307/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000308 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
Paul Bakker8fe40dc2013-02-02 12:43:08 +0100309 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000310 * Enable the PSK based ciphersuite modes in SSL / TLS.
Manuel Pégourié-Gonnarddc16aa72014-06-25 12:55:12 +0200311 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000312 * This enables the following ciphersuites (if other requisites are
313 * enabled as well):
314 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
315 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
316 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
317 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
318 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
319 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
320 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
321 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
322 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
323 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
Paul Bakker8fe40dc2013-02-02 12:43:08 +0100324 */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000325#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
326
327/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200328 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
Paul Bakker40865c82013-01-31 17:13:13 +0100329 *
330 * Enable sending of alert messages in case of encountered errors as per RFC.
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200331 * If you choose not to send the alert messages, Mbed TLS can still communicate
Paul Bakker40865c82013-01-31 17:13:13 +0100332 * with other servers, only debugging of failures is harder.
333 *
334 * The advantage of not sending alert messages, is that no information is given
335 * about reasons for failures thus preventing adversaries of gaining intel.
336 *
337 * Enable sending of all alert messages
338 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200339#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
Paul Bakker40865c82013-01-31 17:13:13 +0100340
341/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000342 * \def MBEDTLS_SSL_ALPN
Gilles Peskined3d02902020-03-04 21:35:27 +0100343 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000344 * Enable support for RFC 7301 Application Layer Protocol Negotiation.
Gilles Peskined3d02902020-03-04 21:35:27 +0100345 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000346 * Comment this macro to disable support for ALPN.
Gilles Peskined3d02902020-03-04 21:35:27 +0100347 */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000348#define MBEDTLS_SSL_ALPN
Gilles Peskined3d02902020-03-04 21:35:27 +0100349
350/**
Gilles Peskineb74a1c72018-04-24 13:09:22 +0200351 * \def MBEDTLS_SSL_ASYNC_PRIVATE
352 *
353 * Enable asynchronous external private key operations in SSL. This allows
354 * you to configure an SSL connection to call an external cryptographic
355 * module to perform private key operations instead of performing the
356 * operation inside the library.
357 *
Valerio Setti8841d6b2023-01-05 08:40:24 +0100358 * Requires: MBEDTLS_X509_CRT_PARSE_C
Gilles Peskineb74a1c72018-04-24 13:09:22 +0200359 */
Jaeden Amerod9c71da2018-06-15 20:31:26 +0100360//#define MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskineb74a1c72018-04-24 13:09:22 +0200361
362/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000363 * \def MBEDTLS_SSL_CACHE_C
364 *
365 * Enable simple SSL cache implementation.
366 *
367 * Module: library/ssl_cache.c
368 * Caller:
369 *
370 * Requires: MBEDTLS_SSL_CACHE_C
371 */
372#define MBEDTLS_SSL_CACHE_C
373
374/**
375 * \def MBEDTLS_SSL_CLI_C
376 *
377 * Enable the SSL/TLS client code.
378 *
379 * Module: library/ssl*_client.c
380 * Caller:
381 *
382 * Requires: MBEDTLS_SSL_TLS_C
383 *
384 * \warning You must call psa_crypto_init() before doing any TLS operations.
385 *
386 * This module is required for SSL/TLS client support.
387 */
388#define MBEDTLS_SSL_CLI_C
389
390/**
Gilles Peskined3d02902020-03-04 21:35:27 +0100391 * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
392 *
393 * Enable serialization of the TLS context structures, through use of the
394 * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
395 *
396 * This pair of functions allows one side of a connection to serialize the
397 * context associated with the connection, then free or re-use that context
398 * while the serialized state is persisted elsewhere, and finally deserialize
399 * that state to a live context for resuming read/write operations on the
400 * connection. From a protocol perspective, the state of the connection is
401 * unaffected, in particular this is entirely transparent to the peer.
402 *
403 * Note: this is distinct from TLS session resumption, which is part of the
404 * protocol and fully visible by the peer. TLS session resumption enables
405 * establishing new connections associated to a saved session with shorter,
406 * lighter handshakes, while context serialization is a local optimization in
407 * handling a single, potentially long-lived connection.
408 *
409 * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
410 * saved after the handshake to allow for more efficient serialization, so if
411 * you don't need this feature you'll save RAM by disabling it.
412 *
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200413 * Requires: PSA_WANT_ALG_GCM or PSA_WANT_ALG_CCM or PSA_WANT_ALG_CHACHA20_POLY1305
Przemek Stekiel460192e2022-10-03 08:55:29 +0200414 *
Gilles Peskined3d02902020-03-04 21:35:27 +0100415 * Comment to disable the context serialization APIs.
416 */
417#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
418
419/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000420 * \def MBEDTLS_SSL_COOKIE_C
421 *
422 * Enable basic implementation of DTLS cookies for hello verification.
423 *
424 * Module: library/ssl_cookie.c
425 * Caller:
426 */
427#define MBEDTLS_SSL_COOKIE_C
428
429/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200430 * \def MBEDTLS_SSL_DEBUG_ALL
Paul Bakkerd66f0702013-01-31 16:57:45 +0100431 *
432 * Enable the debug messages in SSL module for all issues.
433 * Debug messages have been disabled in some places to prevent timing
434 * attacks due to (unbalanced) debugging function calls.
435 *
436 * If you need all error reporting you should enable this during debugging,
437 * but remove this for production servers that should log as well.
438 *
439 * Uncomment this macro to report all debug messages on errors introducing
440 * a timing side-channel.
441 *
Paul Bakkerd66f0702013-01-31 16:57:45 +0100442 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200443//#define MBEDTLS_SSL_DEBUG_ALL
Paul Bakkerd66f0702013-01-31 16:57:45 +0100444
Minos Galanakis80e76b62024-12-12 15:46:29 +0000445/**
446 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
447 *
448 * Enable support for the anti-replay mechanism in DTLS.
449 *
450 * Requires: MBEDTLS_SSL_TLS_C
451 * MBEDTLS_SSL_PROTO_DTLS
452 *
453 * \warning Disabling this is often a security risk!
454 * See mbedtls_ssl_conf_dtls_anti_replay() for details.
455 *
456 * Comment this to disable anti-replay in DTLS.
457 */
458#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
459
460/**
461 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
462 *
463 * Enable server-side support for clients that reconnect from the same port.
464 *
465 * Some clients unexpectedly close the connection and try to reconnect using the
466 * same source port. This needs special support from the server to handle the
467 * new connection securely, as described in section 4.2.8 of RFC 6347. This
468 * flag enables that support.
469 *
470 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
471 *
472 * Comment this to disable support for clients reusing the source port.
473 */
474#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
475
476/**
477 * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
478 *
479 * Enable support for the DTLS Connection ID (CID) extension,
480 * which allows to identify DTLS connections across changes
481 * in the underlying transport. The CID functionality is described
482 * in RFC 9146.
483 *
484 * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
485 * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and
486 * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
487 * more information.
488 *
489 * The maximum lengths of outgoing and incoming CIDs can be configured
490 * through the options
491 * - MBEDTLS_SSL_CID_OUT_LEN_MAX
492 * - MBEDTLS_SSL_CID_IN_LEN_MAX.
493 *
494 * Requires: MBEDTLS_SSL_PROTO_DTLS
495 *
496 * Uncomment to enable the Connection ID extension.
497 */
498#define MBEDTLS_SSL_DTLS_CONNECTION_ID
499
500/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000501 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
502 *
503 * Enable support for HelloVerifyRequest on DTLS servers.
504 *
505 * This feature is highly recommended to prevent DTLS servers being used as
506 * amplifiers in DoS attacks against other hosts. It should always be enabled
507 * unless you know for sure amplification cannot be a problem in the
508 * environment in which your server operates.
509 *
510 * \warning Disabling this can be a security risk! (see above)
511 *
512 * Requires: MBEDTLS_SSL_PROTO_DTLS
513 *
514 * Comment this to disable support for HelloVerifyRequest.
515 */
516#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
517
518/**
519 * \def MBEDTLS_SSL_DTLS_SRTP
520 *
521 * Enable support for negotiation of DTLS-SRTP (RFC 5764)
522 * through the use_srtp extension.
523 *
524 * \note This feature provides the minimum functionality required
525 * to negotiate the use of DTLS-SRTP and to allow the derivation of
526 * the associated SRTP packet protection key material.
527 * In particular, the SRTP packet protection itself, as well as the
528 * demultiplexing of RTP and DTLS packets at the datagram layer
529 * (see Section 5 of RFC 5764), are not handled by this feature.
530 * Instead, after successful completion of a handshake negotiating
531 * the use of DTLS-SRTP, the extended key exporter API
532 * mbedtls_ssl_conf_export_keys_cb() should be used to implement
533 * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
534 * (this is implemented in the SSL example programs).
535 * The resulting key should then be passed to an SRTP stack.
536 *
537 * Setting this option enables the runtime API
538 * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
539 * through which the supported DTLS-SRTP protection
540 * profiles can be configured. You must call this API at
541 * runtime if you wish to negotiate the use of DTLS-SRTP.
542 *
543 * Requires: MBEDTLS_SSL_PROTO_DTLS
544 *
545 * Uncomment this to enable support for use_srtp extension.
546 */
547//#define MBEDTLS_SSL_DTLS_SRTP
548
549/**
550 * \def MBEDTLS_SSL_EARLY_DATA
551 *
552 * Enable support for RFC 8446 TLS 1.3 early data.
553 *
554 * Requires: MBEDTLS_SSL_SESSION_TICKETS and either
555 * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
556 * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
557 *
558 * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
559 * is not enabled, this option does not have any effect on the build.
560 *
561 * \note The maximum amount of early data can be set with
562 * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.
563 *
564 */
565//#define MBEDTLS_SSL_EARLY_DATA
566
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200567/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100568 *
569 * Enable support for Encrypt-then-MAC, RFC 7366.
570 *
571 * This allows peers that both support it to use a more robust protection for
572 * ciphersuites using CBC, providing deep resistance against timing attacks
573 * on the padding or underlying cipher.
574 *
575 * This only affects CBC ciphersuites, and is useless if none is defined.
576 *
TRodziewicz0f82ec62021-05-12 17:49:18 +0200577 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100578 *
579 * Comment this macro to disable support for Encrypt-then-MAC
580 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200581#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100582
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200583/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200584 *
Manuel Pégourié-Gonnardbca8aa02020-03-24 12:11:49 +0100585 * Enable support for RFC 7627: Session Hash and Extended Master Secret
586 * Extension.
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200587 *
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800588 * This was introduced as "the proper fix" to the Triple Handshake family of
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200589 * attacks, but it is recommended to always use it (even if you disable
590 * renegotiation), since it actually fixes a more fundamental issue in the
591 * original SSL/TLS design, and has implications beyond Triple Handshake.
592 *
TRodziewicz0f82ec62021-05-12 17:49:18 +0200593 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard769c6b62014-10-28 14:13:55 +0100594 *
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200595 * Comment this macro to disable support for Extended Master Secret.
596 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200597#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200598
Paul Bakkerd66f0702013-01-31 16:57:45 +0100599/**
Hanno Beckerbb278f52019-02-05 17:04:00 +0000600 * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
601 *
Hanno Beckerfd7f2982019-02-25 10:13:33 +0000602 * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
Hanno Beckerbb278f52019-02-05 17:04:00 +0000603 * giving access to the peer's certificate after completion of the handshake.
604 *
605 * Unless you need mbedtls_ssl_peer_cert() in your application, it is
606 * recommended to disable this option for reduced RAM usage.
607 *
608 * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
609 * defined, but always returns \c NULL.
610 *
611 * \note This option has no influence on the protection against the
612 * triple handshake attack. Even if it is disabled, Mbed TLS will
613 * still ensure that certificates do not change during renegotiation,
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800614 * for example by keeping a hash of the peer's certificate.
Hanno Beckerbb278f52019-02-05 17:04:00 +0000615 *
Tom Cosgroveafb2fe12022-06-29 16:36:12 +0100616 * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set.
Hanno Beckerbb278f52019-02-05 17:04:00 +0000617 *
618 * Comment this macro to disable storing the peer's certificate
619 * after the handshake.
620 */
621#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
622
623/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200624 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Paul Bakker05decb22013-08-15 13:33:48 +0200625 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200626 * Enable support for RFC 6066 max_fragment_length extension in SSL.
Paul Bakker05decb22013-08-15 13:33:48 +0200627 *
628 * Comment this macro to disable support for the max_fragment_length extension
629 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200630#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Paul Bakker05decb22013-08-15 13:33:48 +0200631
632/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000633 * \def MBEDTLS_SSL_PROTO_DTLS
Jan Bruckner151f6422023-02-10 12:45:19 +0100634 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000635 * Enable support for DTLS (all available versions).
Jan Bruckner151f6422023-02-10 12:45:19 +0100636 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000637 * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
Jan Bruckner151f6422023-02-10 12:45:19 +0100638 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000639 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
640 *
641 * Comment this macro to disable support for DTLS
Jan Bruckner151f6422023-02-10 12:45:19 +0100642 */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000643#define MBEDTLS_SSL_PROTO_DTLS
Jan Bruckner151f6422023-02-10 12:45:19 +0100644
645/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200646 * \def MBEDTLS_SSL_PROTO_TLS1_2
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200647 *
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +0100648 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200649 *
Janos Follath277bba82024-11-19 16:14:00 +0000650 * Requires: PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384
Andrzej Kureke02da812022-08-17 17:04:49 -0400651 *
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +0100652 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200653 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200654#define MBEDTLS_SSL_PROTO_TLS1_2
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200655
656/**
Ronald Cron6f135e12021-12-08 16:57:54 +0100657 * \def MBEDTLS_SSL_PROTO_TLS1_3
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100658 *
Ronald Cron6f135e12021-12-08 16:57:54 +0100659 * Enable support for TLS 1.3.
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100660 *
Gilles Peskineda69eaa2023-09-05 20:54:17 +0200661 * \note See docs/architecture/tls13-support.md for a description of the TLS
Ronald Cron6f135e12021-12-08 16:57:54 +0100662 * 1.3 support that this option enables.
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100663 *
Tom Cosgroveafb2fe12022-06-29 16:36:12 +0100664 * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
Manuel Pégourié-Gonnard3e830982022-05-11 13:27:44 +0200665 * Requires: MBEDTLS_PSA_CRYPTO_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100666 *
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100667 * Uncomment this macro to enable the support for TLS 1.3.
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100668 */
Ronald Cron27eb68d2024-03-15 16:13:37 +0100669#define MBEDTLS_SSL_PROTO_TLS1_3
Hanno Becker9fc15ea2020-05-04 12:00:47 +0100670
671/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000672 * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT
673 *
674 * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
675 *
676 * Requires: MBEDTLS_SSL_PROTO_TLS1_3
677 *
678 * Uncomment this macro to enable support for the record_size_limit extension
679 */
680//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
681
Max Fillinger7577c9e2025-01-17 14:10:08 +0100682/**
Max Fillinger2fe35f62024-10-25 00:52:24 +0200683 * \def MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
684 *
685 * When this option is enabled, the client and server can extract additional
686 * shared symmetric keys after an SSL handshake using the function
687 * mbedtls_ssl_export_keying_material().
688 *
689 * The process for deriving the keys is specified in RFC 5705 for TLS 1.2 and
690 * in RFC 8446, Section 7.5, for TLS 1.3.
691 *
Max Fillinger51bec542024-10-28 13:14:39 +0100692 * Comment this macro to disable mbedtls_ssl_export_keying_material().
Max Fillinger2fe35f62024-10-25 00:52:24 +0200693 */
Max Fillinger51bec542024-10-28 13:14:39 +0100694#define MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
Max Fillinger2fe35f62024-10-25 00:52:24 +0200695
Minos Galanakis80e76b62024-12-12 15:46:29 +0000696/**
697 * \def MBEDTLS_SSL_RENEGOTIATION
698 *
699 * Enable support for TLS renegotiation.
700 *
701 * The two main uses of renegotiation are (1) refresh keys on long-lived
702 * connections and (2) client authentication after the initial handshake.
703 * If you don't need renegotiation, it's probably better to disable it, since
704 * it has been associated with security issues in the past and is easy to
705 * misuse/misunderstand.
706 *
707 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
708 *
709 * Comment this to disable support for renegotiation.
710 *
711 * \note Even if this option is disabled, both client and server are aware
712 * of the Renegotiation Indication Extension (RFC 5746) used to
713 * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
714 * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
715 * configuration of this extension).
716 *
717 */
718#define MBEDTLS_SSL_RENEGOTIATION
719
720/**
721 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
722 *
723 * Enable support for RFC 6066 server name indication (SNI) in SSL.
724 *
725 * Requires: MBEDTLS_X509_CRT_PARSE_C
726 *
727 * Comment this macro to disable support for server name indication in SSL
728 */
729#define MBEDTLS_SSL_SERVER_NAME_INDICATION
730
731/**
732 * \def MBEDTLS_SSL_SESSION_TICKETS
733 *
734 * Enable support for RFC 5077 session tickets in SSL.
735 * Client-side, provides full support for session tickets (maintenance of a
736 * session store remains the responsibility of the application, though).
737 * Server-side, you also need to provide callbacks for writing and parsing
738 * tickets, including authenticated encryption and key management. Example
739 * callbacks are provided by MBEDTLS_SSL_TICKET_C.
740 *
741 * Comment this macro to disable support for SSL session tickets
742 */
743#define MBEDTLS_SSL_SESSION_TICKETS
744
745/**
746 * \def MBEDTLS_SSL_SRV_C
747 *
748 * Enable the SSL/TLS server code.
749 *
750 * Module: library/ssl*_server.c
751 * Caller:
752 *
753 * Requires: MBEDTLS_SSL_TLS_C
754 *
755 * \warning You must call psa_crypto_init() before doing any TLS operations.
756 *
757 * This module is required for SSL/TLS server support.
758 */
759#define MBEDTLS_SSL_SRV_C
760
761/**
762 * \def MBEDTLS_SSL_TICKET_C
763 *
764 * Enable an implementation of TLS server-side callbacks for session tickets.
765 *
766 * Module: library/ssl_ticket.c
767 * Caller:
768 *
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200769 * Requires: PSA_WANT_ALG_GCM or PSA_WANT_ALG_CCM or PSA_WANT_ALG_CHACHA20_POLY1305
Minos Galanakis80e76b62024-12-12 15:46:29 +0000770 */
771#define MBEDTLS_SSL_TICKET_C
772
773/**
Ronald Cronab65c522021-11-24 10:47:20 +0100774 * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
775 *
776 * Enable TLS 1.3 middlebox compatibility mode.
777 *
778 * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
779 * mode to make a TLS 1.3 connection more likely to pass through middle boxes
780 * expecting TLS 1.2 traffic.
781 *
782 * Turning on the compatibility mode comes at the cost of a few added bytes
783 * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
784 * that don't use it. Therefore, unless transmission bandwidth is critical and
785 * you know that middlebox compatibility issues won't occur, it is therefore
786 * recommended to set this option.
787 *
788 * Comment to disable compatibility mode for TLS 1.3. If
Ronald Cron6f135e12021-12-08 16:57:54 +0100789 * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
790 * effect on the build.
Ronald Cronab65c522021-11-24 10:47:20 +0100791 *
792 */
Ronald Cron27eb68d2024-03-15 16:13:37 +0100793#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cronab65c522021-11-24 10:47:20 +0100794
795/**
Ronald Crond8d2ea52022-10-04 15:48:06 +0200796 * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
797 *
798 * Enable TLS 1.3 ephemeral key exchange mode.
799 *
Przemek Stekielce05f542023-06-15 16:44:08 +0200800 * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
Manuel Pégourié-Gonnard4fa702a2023-03-29 12:15:24 +0200801 * MBEDTLS_X509_CRT_PARSE_C
802 * and at least one of:
Janos Follath277bba82024-11-19 16:14:00 +0000803 * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200804 * PSA_WANT_ALG_RSA_PSS
Ronald Crond8d2ea52022-10-04 15:48:06 +0200805 *
806 * Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
807 * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
808 * effect on the build.
809 *
810 */
811#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
812
813/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000814 * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
815 *
816 * Enable TLS 1.3 PSK key exchange mode.
817 *
818 * Comment to disable support for the PSK key exchange mode in TLS 1.3. If
819 * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
820 * effect on the build.
821 *
822 */
823#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
824
825/**
Ronald Crond8d2ea52022-10-04 15:48:06 +0200826 * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
827 *
828 * Enable TLS 1.3 PSK ephemeral key exchange mode.
829 *
Przemek Stekielce05f542023-06-15 16:44:08 +0200830 * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
Ronald Crond8d2ea52022-10-04 15:48:06 +0200831 *
832 * Comment to disable support for the PSK ephemeral key exchange mode in
833 * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
834 * have any effect on the build.
835 *
836 */
837#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
838
839/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200840 * \def MBEDTLS_SSL_TLS_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000841 *
Paul Bakkere29ab062011-05-18 13:26:54 +0000842 * Enable the generic SSL/TLS code.
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000843 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000844 * Module: library/ssl_tls.c
Ronald Cronde1adee2022-03-07 16:20:30 +0100845 * Caller: library/ssl*_client.c
846 * library/ssl*_server.c
Paul Bakker5121ce52009-01-03 21:22:43 +0000847 *
Ronald Cron5eb9aba2025-07-22 10:58:44 +0200848 * Requires: PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200849 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
Paul Bakker5690efc2011-05-26 13:16:06 +0000850 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000851 * This module is required for SSL/TLS.
852 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200853#define MBEDTLS_SSL_TLS_C
Paul Bakker5121ce52009-01-03 21:22:43 +0000854
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000855/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000856 * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000857 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000858 * When this option is enabled, the SSL buffer will be resized automatically
859 * based on the negotiated maximum fragment length in each direction.
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +0100860 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000861 * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Paul Bakkerecd54fb2013-07-03 14:48:29 +0200862 */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000863//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
Paul Bakker5121ce52009-01-03 21:22:43 +0000864
Minos Galanakis80e76b62024-12-12 15:46:29 +0000865//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200866//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000867//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
Angus Grattond8213d02016-05-25 20:56:48 +1000868
Gilles Peskined3d02902020-03-04 21:35:27 +0100869/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
870 *
871 * The maximum length of CIDs used for incoming DTLS messages.
872 *
873 */
874//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
875
876/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
877 *
878 * The maximum length of CIDs used for outgoing DTLS messages.
879 *
880 */
881//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
882
TRodziewicze8dd7092021-05-12 14:19:11 +0200883/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
Gilles Peskined3d02902020-03-04 21:35:27 +0100884 *
885 * This option controls the use of record plaintext padding
TRodziewicz1e660ed2021-05-26 17:08:54 +0200886 * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
Hanno Becker13996922020-05-28 16:15:19 +0100887 *
888 * The padding will always be chosen so that the length of the
889 * padded plaintext is a multiple of the value of this option.
890 *
891 * Note: A value of \c 1 means that no padding will be used
892 * for outgoing records.
893 *
894 * Note: On systems lacking division instructions,
895 * a power of two should be preferred.
896 */
TRodziewicze8dd7092021-05-12 14:19:11 +0200897//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
Hanno Becker13996922020-05-28 16:15:19 +0100898
Minos Galanakis80e76b62024-12-12 15:46:29 +0000899/**
900 * Complete list of ciphersuites to use, in order of preference.
901 *
902 * \warning No dependency checking is done on that field! This option can only
903 * be used to restrict the set of available ciphersuites. It is your
904 * responsibility to make sure the needed modules are active.
905 *
906 * Use this to save a few hundred bytes of ROM (default ordering of all
907 * available ciphersuites) and a few to a few hundred bytes of RAM.
908 *
909 * The value below is only an example, not the default.
910 */
911//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
912
913//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
914
915/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
916 *
917 * Maximum number of heap-allocated bytes for the purpose of
918 * DTLS handshake message reassembly and future message buffering.
919 *
920 * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
921 * to account for a reassembled handshake message of maximum size,
922 * together with its reassembly bitmap.
923 *
924 * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
925 * should be sufficient for all practical situations as it allows
926 * to reassembly a large handshake message (such as a certificate)
927 * while buffering multiple smaller handshake messages.
928 *
929 */
930//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
931
932/** \def MBEDTLS_SSL_IN_CONTENT_LEN
933 *
934 * Maximum length (in bytes) of incoming plaintext fragments.
935 *
936 * This determines the size of the incoming TLS I/O buffer in such a way
937 * that it is capable of holding the specified amount of plaintext data,
938 * regardless of the protection mechanism used.
939 *
940 * \note When using a value less than the default of 16KB on the client, it is
941 * recommended to use the Maximum Fragment Length (MFL) extension to
942 * inform the server about this limitation. On the server, there
943 * is no supported, standardized way of informing the client about
944 * restriction on the maximum size of incoming messages, and unless
945 * the limitation has been communicated by other means, it is recommended
946 * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
947 * while keeping the default value of 16KB for the incoming buffer.
948 *
949 * Uncomment to set the maximum plaintext size of the incoming I/O buffer.
950 */
951//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
952
953/**
954 * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
955 *
956 * The default maximum amount of 0-RTT data. See the documentation of
957 * \c mbedtls_ssl_conf_max_early_data_size() for more information.
958 *
959 * It must be positive and smaller than UINT32_MAX.
960 *
961 * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
962 * have any impact on the build.
963 */
964//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
965
Angus Grattond8213d02016-05-25 20:56:48 +1000966/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
967 *
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500968 * Maximum length (in bytes) of outgoing plaintext fragments.
Angus Grattond8213d02016-05-25 20:56:48 +1000969 *
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500970 * This determines the size of the outgoing TLS I/O buffer in such a way
971 * that it is capable of holding the specified amount of plaintext data,
972 * regardless of the protection mechanism used.
973 *
Angus Grattond8213d02016-05-25 20:56:48 +1000974 * It is possible to save RAM by setting a smaller outward buffer, while keeping
975 * the default inward 16384 byte buffer to conform to the TLS specification.
976 *
977 * The minimum required outward buffer size is determined by the handshake
978 * protocol's usage. Handshaking will fail if the outward buffer is too small.
979 * The specific size requirement depends on the configured ciphers and any
980 * certificate data which is sent during the handshake.
981 *
David Horstmann95d516f2021-05-04 18:36:56 +0100982 * Uncomment to set the maximum plaintext size of the outgoing I/O buffer.
Angus Grattond8213d02016-05-25 20:56:48 +1000983 */
984//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
985
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200986/**
Minos Galanakis80e76b62024-12-12 15:46:29 +0000987 * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200988 *
Minos Galanakis80e76b62024-12-12 15:46:29 +0000989 * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
990 * after handshake completion. This is not used in TLS 1.2 and relevant only if
991 * the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200992 *
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200993 */
Minos Galanakis80e76b62024-12-12 15:46:29 +0000994//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
Tom Cosgrovea63775b2023-09-14 13:31:19 +0100995
996/**
Gilles Peskinea8d7e432022-08-04 23:39:41 +0200997 * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
998 *
Jerry Yucf913512023-11-14 11:06:52 +0800999 * Maximum allowed ticket age difference in milliseconds tolerated between
Jerry Yu034a8b72023-11-10 12:20:19 +08001000 * server and client. Default value is 6000. This is not used in TLS 1.2.
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001001 *
Jerry Yu034a8b72023-11-10 12:20:19 +08001002 * - The client ticket age is the time difference between the time when the
1003 * client proposes to the server to use the ticket and the time the client
1004 * received the ticket from the server.
1005 * - The server ticket age is the time difference between the time when the
1006 * server receives a proposition from the client to use the ticket and the
1007 * time when the ticket was created by the server.
1008 *
Jerry Yucf913512023-11-14 11:06:52 +08001009 * The ages might be different due to the client and server clocks not running
1010 * at the same pace. The typical accuracy of an RTC crystal is ±100 to ±20 parts
1011 * per million (360 to 72 milliseconds per hour). Default tolerance window is
1012 * 6s, thus in the worst case clients and servers must sync up their system time
1013 * every 6000/360/2~=8 hours.
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001014 *
Jerry Yu04fceb72023-11-15 09:52:46 +08001015 * See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information.
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001016 */
Gilles Peskined65ea422023-09-05 21:07:32 +02001017//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001018
Minos Galanakis1bf85a82024-12-12 16:29:38 +00001019/**
1020 * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
1021 *
1022 * Size in bytes of a ticket nonce. This is not used in TLS 1.2.
1023 *
1024 * This must be less than 256.
1025 */
1026//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
1027
Minos Galanakis80e76b62024-12-12 15:46:29 +00001028/** \} name SECTION: TLS feature selection */
1029
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001030/**
Minos Galanakis80e76b62024-12-12 15:46:29 +00001031 * \name SECTION: X.509 feature selection
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001032 *
Minos Galanakis80e76b62024-12-12 15:46:29 +00001033 * This section sets Certificate related options.
1034 * \{
Gilles Peskinea8d7e432022-08-04 23:39:41 +02001035 */
Minos Galanakis80e76b62024-12-12 15:46:29 +00001036
1037/**
1038 * \def MBEDTLS_PKCS7_C
1039 *
1040 * Enable PKCS #7 core for using PKCS #7-formatted signatures.
1041 * RFC Link - https://tools.ietf.org/html/rfc2315
1042 *
1043 * Module: library/pkcs7.c
1044 *
Gilles Peskine02ec5852025-05-12 20:52:07 +02001045 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C,
Minos Galanakis80e76b62024-12-12 15:46:29 +00001046 * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
1047 * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
1048 *
1049 * This module is required for the PKCS #7 parsing modules.
1050 */
1051#define MBEDTLS_PKCS7_C
1052
1053/**
1054 * \def MBEDTLS_X509_CREATE_C
1055 *
1056 * Enable X.509 core for creating certificates.
1057 *
1058 * Module: library/x509_create.c
1059 *
Gilles Peskine02ec5852025-05-12 20:52:07 +02001060 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C,
Minos Galanakis80e76b62024-12-12 15:46:29 +00001061 *
1062 * \warning You must call psa_crypto_init() before doing any X.509 operation.
1063 *
1064 * This module is the basis for creating X.509 certificates and CSRs.
1065 */
1066#define MBEDTLS_X509_CREATE_C
1067
1068/**
1069 * \def MBEDTLS_X509_CRL_PARSE_C
1070 *
1071 * Enable X.509 CRL parsing.
1072 *
1073 * Module: library/x509_crl.c
1074 * Caller: library/x509_crt.c
1075 *
1076 * Requires: MBEDTLS_X509_USE_C
1077 *
1078 * This module is required for X.509 CRL parsing.
1079 */
1080#define MBEDTLS_X509_CRL_PARSE_C
1081
1082/**
1083 * \def MBEDTLS_X509_CRT_PARSE_C
1084 *
1085 * Enable X.509 certificate parsing.
1086 *
1087 * Module: library/x509_crt.c
1088 * Caller: library/ssl_tls.c
1089 * library/ssl*_client.c
1090 * library/ssl*_server.c
1091 *
1092 * Requires: MBEDTLS_X509_USE_C
1093 *
1094 * This module is required for X.509 certificate parsing.
1095 */
1096#define MBEDTLS_X509_CRT_PARSE_C
1097
1098/**
1099 * \def MBEDTLS_X509_CRT_WRITE_C
1100 *
1101 * Enable creating X.509 certificates.
1102 *
1103 * Module: library/x509_crt_write.c
1104 *
1105 * Requires: MBEDTLS_X509_CREATE_C
1106 *
1107 * This module is required for X.509 certificate creation.
1108 */
1109#define MBEDTLS_X509_CRT_WRITE_C
1110
1111/**
1112 * \def MBEDTLS_X509_CSR_PARSE_C
1113 *
1114 * Enable X.509 Certificate Signing Request (CSR) parsing.
1115 *
1116 * Module: library/x509_csr.c
1117 * Caller: library/x509_crt_write.c
1118 *
1119 * Requires: MBEDTLS_X509_USE_C
1120 *
1121 * This module is used for reading X.509 certificate request.
1122 */
1123#define MBEDTLS_X509_CSR_PARSE_C
1124
1125/**
1126 * \def MBEDTLS_X509_CSR_WRITE_C
1127 *
1128 * Enable creating X.509 Certificate Signing Requests (CSR).
1129 *
1130 * Module: library/x509_csr_write.c
1131 *
1132 * Requires: MBEDTLS_X509_CREATE_C
1133 *
1134 * This module is required for X.509 certificate request writing.
1135 */
1136#define MBEDTLS_X509_CSR_WRITE_C
1137
1138/**
1139 * \def MBEDTLS_X509_REMOVE_INFO
1140 *
1141 * Disable mbedtls_x509_*_info() and related APIs.
1142 *
1143 * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt()
1144 * and other functions/constants only used by these functions, thus reducing
1145 * the code footprint by several KB.
1146 */
1147//#define MBEDTLS_X509_REMOVE_INFO
1148
1149/**
1150 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
1151 *
1152 * Enable parsing and verification of X.509 certificates, CRLs and CSRS
1153 * signed with RSASSA-PSS (aka PKCS#1 v2.1).
1154 *
Ronald Cron5eb9aba2025-07-22 10:58:44 +02001155 * Requires: PSA_WANT_ALG_RSA_PSS
Minos Galanakis80e76b62024-12-12 15:46:29 +00001156 *
1157 * Comment this macro to disallow using RSASSA-PSS in certificates.
1158 */
1159#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
1160
1161/**
1162 * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
1163 *
1164 * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
1165 * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
1166 * the set of trusted certificates through a callback instead of a linked
1167 * list.
1168 *
1169 * This is useful for example in environments where a large number of trusted
1170 * certificates is present and storing them in a linked list isn't efficient
1171 * enough, or when the set of trusted certificates changes frequently.
1172 *
1173 * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
1174 * `mbedtls_ssl_conf_ca_cb()` for more information.
1175 *
1176 * Requires: MBEDTLS_X509_CRT_PARSE_C
1177 *
1178 * Uncomment to enable trusted certificate callbacks.
1179 */
1180//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
1181
1182/**
1183 * \def MBEDTLS_X509_USE_C
1184 *
1185 * Enable X.509 core for using certificates.
1186 *
1187 * Module: library/x509.c
1188 * Caller: library/x509_crl.c
1189 * library/x509_crt.c
1190 * library/x509_csr.c
1191 *
Gilles Peskine02ec5852025-05-12 20:52:07 +02001192 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C
Minos Galanakis80e76b62024-12-12 15:46:29 +00001193 *
1194 * \warning You must call psa_crypto_init() before doing any X.509 operation.
1195 *
1196 * This module is required for the X.509 parsing modules.
1197 */
1198#define MBEDTLS_X509_USE_C
1199
1200//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
1201//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
1202
1203/** \} name SECTION: X.509 feature selection */