File ssl_ciphersuites.h

SSL Ciphersuites for Mbed TLS.

Defines

MBEDTLS_TLS_RSA_WITH_NULL_MD5: Weak!

MBEDTLS_TLS_RSA_WITH_NULL_SHA: Weak!

MBEDTLS_TLS_PSK_WITH_NULL_SHA: Weak!

MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA

MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA

MBEDTLS_TLS_RSA_WITH_NULL_SHA256: Weak!

MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA

MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA

MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256

MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384

MBEDTLS_TLS_PSK_WITH_NULL_SHA256: Weak!

MBEDTLS_TLS_PSK_WITH_NULL_SHA384: Weak!

MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA: Weak!

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA: Weak!

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA: Weak!

MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA: Weak!

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA

MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA

MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256

MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384

MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA

MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256

MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384

MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384: TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384: TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384: TLS 1.2

MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384: TLS 1.2

MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384

MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384

MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384

MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384

MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256: TLS 1.2

MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384: TLS 1.2

MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384

MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256

MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384

MBEDTLS_TLS_RSA_WITH_AES_128_CCM: TLS 1.2

MBEDTLS_TLS_RSA_WITH_AES_256_CCM: TLS 1.2

MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8: TLS 1.2

MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8: TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_128_CCM: TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_256_CCM: TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8: TLS 1.2

MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: TLS 1.2

MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8: experimental

MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: TLS 1.2

MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: TLS 1.2

MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: TLS 1.2

MBEDTLS_TLS1_3_AES_128_GCM_SHA256: TLS 1.3

MBEDTLS_TLS1_3_AES_256_GCM_SHA384: TLS 1.3

MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256: TLS 1.3

MBEDTLS_TLS1_3_AES_128_CCM_SHA256: TLS 1.3

MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256: TLS 1.3

MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED

MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED

MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED

MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED

MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED

MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED

MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED

MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED

MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED

MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED

MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED

MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED

MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED

MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED

MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED

MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED

MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED

MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED

MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED

MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED

MBEDTLS_CIPHERSUITE_WEAK: Weak ciphersuite flag

MBEDTLS_CIPHERSUITE_SHORT_TAG: Short authentication tag, eg for CCM_8

MBEDTLS_CIPHERSUITE_NODTLS: Can’t be used with DTLS

Typedefs

typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t

Enums

enum mbedtls_key_exchange_type_t

Values:

enumerator MBEDTLS_KEY_EXCHANGE_NONE

enumerator MBEDTLS_KEY_EXCHANGE_RSA

enumerator MBEDTLS_KEY_EXCHANGE_ECDHE_RSA

enumerator MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA

enumerator MBEDTLS_KEY_EXCHANGE_PSK

enumerator MBEDTLS_KEY_EXCHANGE_ECDHE_PSK

enumerator MBEDTLS_KEY_EXCHANGE_ECDH_RSA

enumerator MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA

enumerator MBEDTLS_KEY_EXCHANGE_ECJPAKE

Functions

const int *mbedtls_ssl_list_ciphersuites(void)

const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name)

const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id)

static inline const char *mbedtls_ssl_ciphersuite_get_name(const mbedtls_ssl_ciphersuite_t *info)

static inline int mbedtls_ssl_ciphersuite_get_id(const mbedtls_ssl_ciphersuite_t *info)

size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)

struct mbedtls_ssl_ciphersuite_t

#include <ssl_ciphersuites.h>

This structure is used for storing ciphersuite information.

Note

members are defined using integral types instead of enums in order to pack structure and reduce memory usage by internal ciphersuite_definitions[]

Public Members

int private_id

const char *private_name

uint8_t private_cipher

uint8_t private_mac

uint8_t private_key_exchange

uint8_t private_flags

uint16_t private_min_tls_version

uint16_t private_max_tls_version