mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-28 00:21:48 +03:00
Merge pull request #4606 from TRodziewicz/turn__SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt
Turn _SSL_SRV_RESPECT_CLIENT_PREFERENCE config opt to a runtime opt
This commit is contained in:
@ -201,6 +201,9 @@
|
||||
#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
|
||||
#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1
|
||||
|
||||
#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1
|
||||
#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
|
||||
|
||||
/*
|
||||
* Default range for DTLS retransmission timer value, in milliseconds.
|
||||
* RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
|
||||
@ -1186,6 +1189,9 @@ struct mbedtls_ssl_config
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
|
||||
Certificate Request messages? */
|
||||
unsigned int respect_cli_pref : 1; /*!< pick the ciphersuite according to
|
||||
the client's preferences rather
|
||||
than ours */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
|
||||
@ -2493,9 +2499,12 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co
|
||||
* The ciphersuites array is not copied, and must remain
|
||||
* valid for the lifetime of the ssl_config.
|
||||
*
|
||||
* Note: The server uses its own preferences
|
||||
* over the preference of the client unless
|
||||
* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
|
||||
* Note: By default, the server chooses its preferred
|
||||
* ciphersuite among those that the client supports. If
|
||||
* mbedtls_ssl_conf_preference_order() is called to prefer
|
||||
* the client's preferences, the server instead chooses
|
||||
* the client's preferred ciphersuite among those that
|
||||
* the server supports.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param ciphersuites 0-terminated list of allowed ciphersuites
|
||||
@ -3293,6 +3302,19 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
|
||||
int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
/**
|
||||
* \brief Pick the ciphersuites order according to the second parameter
|
||||
* in the SSL Server module (MBEDTLS_SSL_SRV_C).
|
||||
* (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param order Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
|
||||
* or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
|
||||
*/
|
||||
void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
/**
|
||||
* \brief Activate negotiation of truncated HMAC
|
||||
|
Reference in New Issue
Block a user