diff options
Diffstat (limited to 'configs/config-suite-b.h')
-rw-r--r-- | configs/config-suite-b.h | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index dd9a2a0..18e2c40 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -22,8 +22,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ /* - * Minimal configuration for the crypto required for TLS NSA Suite B Profile - * (RFC 6460) + * Minimal configuration for TLS NSA Suite B Profile (RFC 6460) * * Distinguishing features: * - no RSA or classic DH, fully based on ECC @@ -46,6 +45,8 @@ /* mbed TLS feature support */ #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +#define MBEDTLS_SSL_PROTO_TLS1_2 /* mbed TLS modules */ #define MBEDTLS_AES_C @@ -66,6 +67,9 @@ #define MBEDTLS_PK_PARSE_C #define MBEDTLS_SHA256_C #define MBEDTLS_SHA512_C +#define MBEDTLS_SSL_CLI_C +#define MBEDTLS_SSL_SRV_C +#define MBEDTLS_SSL_TLS_C #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_USE_C @@ -95,6 +99,19 @@ */ #define MBEDTLS_ENTROPY_MAX_SOURCES 2 +/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ +#define MBEDTLS_SSL_CIPHERSUITES \ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + +/* + * Save RAM at the expense of interoperability: do this only if you control + * both ends of the connection! (See coments in "mbedtls/ssl.h".) + * The minimum size here depends on the certificate chain used as well as the + * typical size of records. + */ +#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024 + #include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ |