/**
 * \file mbedtls/config_adjust_ssl.h
 * \brief Adjust TLS configuration
 *
 * Adjusts dependent TLS options automatically. As a rule, MBEDTLS_xxx
 * options have to be enabled explicitly by the user: enabling
 * MBEDTLS_xxx_A without MBEDTLS_xxx_B, when A requires B, is a
 * compilation error. Options are nevertheless adjusted automatically in
 * a few situations:
 *
 * - MBEDTLS_xxx_B is an internal option that identifies the parts of a
 *   module used by other modules, and the symbol MBEDTLS_xxx_B is not
 *   meant to become part of the public API.
 * - A did not depend on B in earlier versions, B is now used in A, and
 *   backward compatibility must be preserved with configurations that
 *   explicitly activate MBEDTLS_xxx_A but not MBEDTLS_xxx_B.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
#define MBEDTLS_CONFIG_ADJUST_SSL_H

/* The blocks below make it possible to switch off all of TLS, or only
 * TLS 1.2, TLS 1.3 or DTLS, without manually disabling every key
 * exchange, option and extension that belongs to them.
 *
 * Configuration-review notes:
 * - Every adjustment here is silent. An option set in the user
 *   configuration but listed below is removed without any diagnostic
 *   when its parent feature is off, so the effective configuration can
 *   differ from the configuration file. Audit the state after this
 *   header has been processed, not the configuration file alone.
 * - #undef only affects macros that are already defined when this header
 *   is processed; a definition made after it is not adjusted.
 * - The blocks form a cascade: the first one may undefine the
 *   protocol-version macros that the later ones test, so their order
 *   matters.
 */

/* No TLS module: drop client, server and every protocol version. */
#ifndef MBEDTLS_SSL_TLS_C
#undef MBEDTLS_SSL_CLI_C
#undef MBEDTLS_SSL_SRV_C
#undef MBEDTLS_SSL_PROTO_TLS1_3
#undef MBEDTLS_SSL_PROTO_TLS1_2
#undef MBEDTLS_SSL_PROTO_DTLS
#endif /* !MBEDTLS_SSL_TLS_C */

/* The ticket module is kept only when both the server side and session
 * tickets are enabled. */
#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_SESSION_TICKETS)
#undef MBEDTLS_SSL_TICKET_C
#endif

/* No DTLS: drop the DTLS-specific options. This list includes protective
 * options (anti-replay, HelloVerify); a configuration that expects them
 * should confirm that MBEDTLS_SSL_PROTO_DTLS is still defined here. */
#ifndef MBEDTLS_SSL_PROTO_DTLS
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#undef MBEDTLS_SSL_DTLS_SRTP
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#endif /* !MBEDTLS_SSL_PROTO_DTLS */

/* No TLS 1.2: drop the record/handshake options and all key exchanges
 * that this header ties to TLS 1.2. Encrypt-then-MAC and Extended Master
 * Secret are among them, so a build relying on either should verify that
 * MBEDTLS_SSL_PROTO_TLS1_2 is still defined at this point. */
#ifndef MBEDTLS_SSL_PROTO_TLS1_2
/* Options */
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_RENEGOTIATION
/* Key exchanges */
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#endif /* !MBEDTLS_SSL_PROTO_TLS1_2 */

/* No TLS 1.3: drop its key exchange modes, early data and the record
 * size limit option. */
#ifndef MBEDTLS_SSL_PROTO_TLS1_3
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
#undef MBEDTLS_SSL_EARLY_DATA
#undef MBEDTLS_SSL_RECORD_SIZE_LIMIT
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */

/* Derived symbol, defined here rather than by the user: set when TLS 1.2
 * is enabled together with ECDH, ECDSA or the EC J-PAKE key exchange.
 * NOTE(review): presumably one of the internal options described in the
 * file header - confirm before relying on it outside the library. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#define MBEDTLS_SSL_TLS1_2_SOME_ECC
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */