TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8476f2f30a1b775d25349e082caf993b8213cbdb^! / . / include / mbedtls / ssl.h
commit8476f2f30a1b775d25349e082caf993b8213cbdb[log] [tgz]
authorTRodziewicz <tomasz.rodziewicz@mobica.com>Wed Jun 02 14:34:47 2021 +0200
committerTRodziewicz <tomasz.rodziewicz@mobica.com>Mon Jun 14 11:56:20 2021 +0200
treeff98132230ea251272076e0028737dbe328a0274
parent21f84643f888acf37de853898efb02dcd179afc3 [diff] [blame]
Turn _SSL_SRV_RESPECT_CLIENT_PREFERENCE config option to a runtime option

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index c293b88..364239a 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -200,6 +200,9 @@
 #define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED    0
 #define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED      1
 
+#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED    1
+#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED   0
+
 /*
  * Default range for DTLS retransmission timer value, in milliseconds.
  * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
@@ -1185,6 +1188,9 @@
 #if defined(MBEDTLS_SSL_SRV_C)
     unsigned int cert_req_ca_list : 1;  /*!< enable sending CA list in
                                           Certificate Request messages?     */
+    unsigned int respect_cli_pref : 1;  /*!< pick the ciphersuite according to
+                                          the client's preferences rather
+                                          than ours                         */
 #endif
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
@@ -2494,7 +2500,7 @@
  *
  *                      Note: The server uses its own preferences
  *                      over the preference of the client unless
- *                      MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
+ *                      conf->respect_cli_pref is enabled!
  *
  * \param conf          SSL configuration
  * \param ciphersuites  0-terminated list of allowed ciphersuites
@@ -3292,6 +3298,19 @@
 int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
+#if defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief          Pick the ciphersuite according to the client's preferences
+ *                 rather than ours in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ *                 (Default: MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED)
+ *
+ * \param conf     SSL configuration
+ * \param enable   Enable or disable (MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED
+ *                                 or MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED)
+ */
+void mbedtls_ssl_conf_respect_client_preference( mbedtls_ssl_config *conf, int enable );
+#endif /* MBEDTLS_SSL_SRV_C */
+
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
 /**
  * \brief          Activate negotiation of truncated HMAC