Add compile-time option to hardcode choice of single ciphersuite

commit: 5cce936e622e96f47b28d3ee5156398b71d8f6a1 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Wed Jun 26 11:39:32 2019 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Jul 08 11:17:53 2019 +0100
tree: f68c8100a632cb6b4a2eba66a0b814e1ede0b4de
parent: b09132d33ac05afc204edde83d6b9f91908a67da [diff] [blame]
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 91d2550..2b7e9da 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -3641,6 +3641,17 @@
 //#define MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET MBEDTLS_SSL_EXTENDED_MS_ENABLED
 //#define MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED
 
+/* Set this to MBEDTLS_SUITE_{OFFICIAL_SUITE_NAME} to hardcode
+ * the choice of a fixed ciphersuite at compile-time.
+ *
+ * You need to make sure that the corresponding ciphersuite attributes
+ * are defined through macros in ssl_ciphersuites.h. See the definitions
+ * of MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_XXX for an example.
+ *
+ * If this option is set, the API mbedtls_ssl_conf_ciphersuites() is removed.
+ */
+//#define MBEDTLS_SSL_SINGLE_CIPHERSUITE MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+
 /* \} SECTION: Compile-time SSL configuration */
 
 /* Target and application specific configurations
commit	5cce936e622e96f47b28d3ee5156398b71d8f6a1	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Wed Jun 26 11:39:32 2019 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Jul 08 11:17:53 2019 +0100
tree	f68c8100a632cb6b4a2eba66a0b814e1ede0b4de
parent	b09132d33ac05afc204edde83d6b9f91908a67da [diff] [blame]