1 /**
2  * \file mbedtls/config_adjust_ssl.h
3  * \brief Adjust TLS configuration
4  *
5  * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
6  * configurations need to be explicitly enabled by the user: enabling
7  * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
8  * compilation error. However, we do automatically enable certain options
9  * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
10  * used to identify parts of a module that are used by other modules, and we
11  * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
12  * Another case is if A didn't depend on B in earlier versions, and we
13  * want to use B in A but we need to preserve backward compatibility with
14  * configurations that explicitly activate MBEDTLS_xxx_A but not
15  * MBEDTLS_xxx_B.
16  */
17 /*
18  *  Copyright The Mbed TLS Contributors
19  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
20  */
21 
22 #ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
23 #define MBEDTLS_CONFIG_ADJUST_SSL_H
24 
25 /* The following blocks make it easier to disable all of TLS,
26  * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
27  * key exchanges, options and extensions related to them. */
28 
/* When MBEDTLS_SSL_TLS_C is not defined, remove MBEDTLS_SSL_CLI_C,
 * MBEDTLS_SSL_SRV_C and all three protocol-version symbols.
 *
 * Order matters: the blocks that follow test the MBEDTLS_SSL_PROTO_xxx
 * symbols undefined here, so this block has to run before them for their
 * dependent options to be removed in turn.
 *
 * The removal is silent. A configuration that requested any of these
 * symbols without MBEDTLS_SSL_TLS_C gets no diagnostic from this file; the
 * symbol is simply absent from the effective configuration. */
29 #if !defined(MBEDTLS_SSL_TLS_C)
30 #undef MBEDTLS_SSL_CLI_C
31 #undef MBEDTLS_SSL_SRV_C
32 #undef MBEDTLS_SSL_PROTO_TLS1_3
33 #undef MBEDTLS_SSL_PROTO_TLS1_2
34 #undef MBEDTLS_SSL_PROTO_DTLS
35 #endif /* !MBEDTLS_SSL_TLS_C */
36 
/* When MBEDTLS_SSL_PROTO_DTLS is not defined (either never enabled, or
 * undefined earlier in this file because MBEDTLS_SSL_TLS_C is absent),
 * remove the DTLS options listed below.
 *
 * NOTE(review): the list includes MBEDTLS_SSL_DTLS_ANTI_REPLAY and
 * MBEDTLS_SSL_DTLS_HELLO_VERIFY, and the removal produces no diagnostic.
 * When auditing a build that is expected to have these options active,
 * check that MBEDTLS_SSL_PROTO_DTLS is enabled in the effective
 * configuration rather than relying on the option being set in the user
 * configuration file. */
37 #if !defined(MBEDTLS_SSL_PROTO_DTLS)
38 #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
39 #undef MBEDTLS_SSL_DTLS_CONNECTION_ID
40 #undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
41 #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
42 #undef MBEDTLS_SSL_DTLS_SRTP
43 #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
44 #endif /* !MBEDTLS_SSL_PROTO_DTLS */
45 
/* When MBEDTLS_SSL_PROTO_TLS1_2 is not defined, remove the options and
 * every MBEDTLS_KEY_EXCHANGE_xxx_ENABLED symbol listed below, so that a
 * configuration without TLS 1.2 does not have to disable them one by one.
 *
 * NOTE(review): MBEDTLS_SSL_ENCRYPT_THEN_MAC,
 * MBEDTLS_SSL_EXTENDED_MASTER_SECRET and MBEDTLS_SSL_RENEGOTIATION are
 * removed together with the protocol version. Their absence from the
 * effective configuration of a build without TLS 1.2 comes from this
 * block and is not reported as an error or warning here. */
46 #if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
47 #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
48 #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
49 #undef MBEDTLS_SSL_RENEGOTIATION
50 #undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
51 #undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
52 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
53 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
54 #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
55 #undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
56 #undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
57 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
58 #undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
59 #undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
60 #undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
61 #endif /* !MBEDTLS_SSL_PROTO_TLS1_2 */
62 
/* When MBEDTLS_SSL_PROTO_TLS1_3 is not defined, remove the three
 * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED symbols and
 * MBEDTLS_SSL_EARLY_DATA. As with the other blocks in this file, the
 * removal is silent: requesting one of these options without TLS 1.3
 * yields no diagnostic here. */
63 #if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
64 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
65 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
66 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
67 #undef MBEDTLS_SSL_EARLY_DATA
68 #endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
69 
/* Define MBEDTLS_SSL_TLS1_2_SOME_ECC when TLS 1.2 is enabled and at least
 * one of MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C or
 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED is defined.
 *
 * This test runs after the adjustments above, so it sees the effective
 * values of MBEDTLS_SSL_PROTO_TLS1_2 and
 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED, not the ones from the user
 * configuration.
 *
 * NOTE(review): presumably an internal helper symbol that is derived here
 * and not meant to be set in a user configuration - confirm against the
 * configuration documentation. */
70 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
71     (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
72     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
73 #define MBEDTLS_SSL_TLS1_2_SOME_ECC
74 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && some ECC-based module or key exchange */
75 
76 #endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */
77