/**
 * \file mbedtls/config_adjust_ssl.h
 * \brief Adjust TLS configuration
 *
 * This is an internal header. Do not include it directly.
 *
 * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
 * configurations need to be explicitly enabled by the user: enabling
 * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
 * compilation error. However, we do automatically enable certain options
 * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
 * used to identify parts of a module that are used by other modules, and we
 * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
 * Another case is if A didn't depend on B in earlier versions, and we
 * want to use B in A but we need to preserve backward compatibility with
 * configurations that explicitly activate MBEDTLS_xxx_A but not
 * MBEDTLS_xxx_B.
 *
 * In this header nearly every adjustment is a removal: options that depend
 * on a disabled module or protocol version are #undef'd without any
 * diagnostic, and the only symbol defined is MBEDTLS_SSL_TLS1_2_SOME_ECC.
 * The effective feature set of a build can therefore be smaller than what
 * the user's configuration file lists; audit the configuration as it stands
 * after these adjustments, not the file as written.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
#define MBEDTLS_CONFIG_ADJUST_SSL_H

/* Refuse direct inclusion. The check keys on MBEDTLS_CONFIG_FILES_READ, which
 * this file never defines; presumably the library's configuration entry point
 * sets it once the user configuration has been read (confirm against the
 * including header). */
#ifndef MBEDTLS_CONFIG_FILES_READ
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
    "up to and including runtime errors such as buffer overflows. " \
    "If you're trying to fix a complaint from check_config.h, just remove " \
    "it from your configuration file: since Mbed TLS 3.0, it is included " \
    "automatically at the right point."
#endif /* !MBEDTLS_CONFIG_FILES_READ */

/* The groups below let a configuration switch off TLS as a whole, or just
 * TLS 1.2, TLS 1.3 or DTLS, without also having to switch off by hand each
 * key exchange, option and extension that belongs to it.
 *
 * The groups are order-dependent: the first one can remove MBEDTLS_SSL_SRV_C
 * and the three protocol symbols, and the later groups test exactly those
 * symbols. Keep the sequence as it is. */

/* No TLS core module: no client, no server, no protocol version. */
#ifndef MBEDTLS_SSL_TLS_C
#undef MBEDTLS_SSL_CLI_C
#undef MBEDTLS_SSL_SRV_C
#undef MBEDTLS_SSL_PROTO_TLS1_3
#undef MBEDTLS_SSL_PROTO_TLS1_2
#undef MBEDTLS_SSL_PROTO_DTLS
#endif

/* The ticket module is kept only when both the server side and session
 * tickets are enabled; if either one is missing it is removed. */
#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_SESSION_TICKETS)
#undef MBEDTLS_SSL_TICKET_C
#endif

/* No DTLS: remove the MBEDTLS_SSL_DTLS_xxx options. */
#ifndef MBEDTLS_SSL_PROTO_DTLS
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#undef MBEDTLS_SSL_DTLS_SRTP
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#endif

/* No TLS 1.2: remove the options and the MBEDTLS_KEY_EXCHANGE_xxx_ENABLED
 * symbols listed here. */
#ifndef MBEDTLS_SSL_PROTO_TLS1_2
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_RENEGOTIATION
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#endif

/* No TLS 1.3: remove its key exchange modes, early data and the record size
 * limit option. */
#ifndef MBEDTLS_SSL_PROTO_TLS1_3
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
#undef MBEDTLS_SSL_EARLY_DATA
#undef MBEDTLS_SSL_RECORD_SIZE_LIMIT
#endif

/* Derived symbol: set when TLS 1.2 is enabled together with at least one of
 * ECDH, ECDSA or the EC J-PAKE key exchange. This test must stay below the
 * TLS 1.2 group, which can remove the EC J-PAKE key exchange symbol. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#define MBEDTLS_SSL_TLS1_2_SOME_ECC
#endif
#endif

#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */