Mbed TLS v3.6.3
Loading...
Searching...
No Matches
config_adjust_ssl.h
Go to the documentation of this file.
1
19/*
20 * Copyright The Mbed TLS Contributors
21 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
22 */
23
24#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
25#define MBEDTLS_CONFIG_ADJUST_SSL_H
26
27#if !defined(MBEDTLS_CONFIG_FILES_READ)
28#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
29 "up to and including runtime errors such as buffer overflows. " \
30 "If you're trying to fix a complaint from check_config.h, just remove " \
31 "it from your configuration file: since Mbed TLS 3.0, it is included " \
32 "automatically at the right point."
33#endif /* */
34
35/* The following blocks make it easier to disable all of TLS,
36 * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
37 * key exchanges, options and extensions related to them. */
38
39#if !defined(MBEDTLS_SSL_TLS_C)
40#undef MBEDTLS_SSL_CLI_C
41#undef MBEDTLS_SSL_SRV_C
42#undef MBEDTLS_SSL_PROTO_TLS1_3
43#undef MBEDTLS_SSL_PROTO_TLS1_2
44#undef MBEDTLS_SSL_PROTO_DTLS
45#endif
46
47#if !(defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS))
48#undef MBEDTLS_SSL_TICKET_C
49#endif
50
51#if !defined(MBEDTLS_SSL_PROTO_DTLS)
52#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
53#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
54#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
55#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
56#undef MBEDTLS_SSL_DTLS_SRTP
57#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
58#endif
59
60#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
61#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
62#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
63#undef MBEDTLS_SSL_RENEGOTIATION
64#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
65#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
66#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
67#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
68#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
69#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
70#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
71#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
72#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
73#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
74#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
75#endif
76
77#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
78#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
79#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
80#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
81#undef MBEDTLS_SSL_EARLY_DATA
82#undef MBEDTLS_SSL_RECORD_SIZE_LIMIT
83#endif
84
85#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
86 (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
87 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
88#define MBEDTLS_SSL_TLS1_2_SOME_ECC
89#endif
90
91#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */